Reframing Insider Threat: What Does it Mean When Everyone’s Working from Home?

There’s no shortage of articles and blog posts discussing the near-term implications of our current situation. Cloud services and applications fill the void to help ensure employee productivity and business continuity. But what are the long-term business implications of a fully remote workforce as it relates to cybersecurity?

Board members and senior leaders of global companies seeking answers to this question can start by examining the changing nature of insider threats. Years ago, protecting against insider threats meant focusing cybersecurity efforts on keeping bad actors out. In recent years, hackers have executed increasingly sophisticated attacks to compromise employee credentials, which, when successful (such as this recent breach of 5.2 million consumers’ PII), allows bad actors to impersonate employees — thereby rendering many traditional cybersecurity defenses obsolete. Today, there’s  a growing problem: data exfiltration (any unauthorized movement of data) that happens more quickly than ever. And with the recent rapid and urgent shift to support remote workers at scale we can expect this will drive an exponential increase in data exfiltration opportunities for bad actors. 

Data is the lifeblood of your business. As are your employees. And, to stay in business in the years ahead it has never been more imperative to employ security solutions that protect the digital crown jewels and those that interact with this critical IP. And as part of any good data loss prevention (DLP) plan there has to be a thoughtful security strategy as well around guarding against insider threats. This is both a back-office and front of house strategy that involves deploying security solutions that know where your critical data resides with the capability to automate security response as the risk level relevant to the digital identity accessing that data goes up or down. And, employees can be your strongest front line security defense with education and active security hygiene reinforcement, which is even more critical as the majority of workforces move remote.

For CISOs and their security teams, this also means we’re quickly moving into a new reality where compliance to global IT standards (ISO, NIST, CMMC, etc.) is only the starting point. This future will impact your employees, your departments and your business overall. Here’s a quick look at just a few of those implications: 

Employee Implications:

• It requires embracing new ways to work with colleagues and partners. 
• It requires them to be more diligent in how they handle sensitive company information, especially at remote workplaces.
• It requires them to operate with a higher level of understanding how to keep data secure. It means embracing new security policies designed to protect both physical and digital data.

Departmental and Broader Business Implications:

• Human Resources – This changes existing onboarding processes, ongoing training processes and employee termination processes. It also rapidly expands the concept of monitoring behavior in the workplace. 
• Facilities – It requires rethinking the definition of the workplace. It’s now expanded well beyond the borders of a company’s buildings. How do you secure your company’s physical assets beyond fixed assets you operate? Longer-term, it expands to include additional financial implications, since it most likely means redistributing assets and resources from central office structures to more distributed, remote work structures.
• IT/ Security – Beyond mandatory MFA, it is imperative today to have visibility into the context of where data resides, who is touching that data and how it is moving. To secure data in this new way of working, ingesting telemetry data about a connection or session can mean the difference between stopping a breach before it happens or launching an investigation into what was lost and its ultimate impact on your business. 
•  Product Teams – This most likely requires an expansion of agreements with contractors and business partners, especially as you think of them as an extension of your employee base. 

Managing and supporting a fully remote workforce isn’t a one-time problem - it’s the new way of working. Many companies already struggle to manage insider threats to their data and security—a situation today made more complex as we try to secure a rapidly-expanding definition of the workplace. Business leaders who recognize the value in a first-mover opportunity and take steps today to mitigate the long-term business and cybersecurity impact of current events will ultimately garner a business advantage over competitive players slower to move. How businesses respond today will help determine the industry leaders of the future. 

Carl Eberling

Guest Author CIO, Forcepoint