Industry Insights

Insider Threat News: Week of June 12

5 min Read

Code42

The future of work is as much about “where” we work as it is about “how” we work. We’re living in a time when emailing, Slacking and sharing Google docs — regardless of where we’re actually working — are the norm. The challenge is, the cloud-based collaboration tools that companies have rolled out to move faster and be more productive are the same vectors used for data exfiltration. So, how do companies distinguish between everyday collaboration and the insider threats that put data at risk? Read some of the latest data security news, including what industry leaders are saying about protecting data from loss, leak or theft.

Long-Term Remote Work: Keeping Workers Productive and Secure

Excerpt from a byline by Code42 President and CEO Joe Payne on Dark Reading

“The future of work has fundamentally changed. According to recent industry research, nearly three-quarters of CFO respondents plan to move more employees into permanent remote positions after the COVID-19 pandemic. The reality is that working from home and the collaboration apps that keep employees connected and productive are here to stay.

“When it comes to securing a collaborative culture, covertly counting keystrokes or tracking how long workers are on their computers is antiquated police-state security. Surveillance of end users stands in stark opposition to what an open, collaborative culture is all about. If you accept these as truths, it is not a difficult leap to see that conventional approaches to data security must change.

“There is a new way to think about data security. It starts by assuming positive rather than negative intent. It’s based on trusting and verifying versus not trusting at all.”

For more, read the full article on Dark Reading

How COVID-19 Changed The Way Software Developers Think About Data Security

Excerpt from an interview by Bernadette Wilson with Code42 CTO Rob Juncker in DevPro Journal

“While collaboration technology has made it easy for employees to share files legitimately, it’s also made it easier for them to be tempted to take, or accidentally leak, data. We are all working together, collaborating and using tools that allow us to do our work in the fastest way we can. This means we are often taking code, product roadmaps, or strategic direction and sharing them in tools where common access is much wider. In the past, I might privately discuss a product roadmap or a technology with a small group of scrum masters of architecture teams, but now those conversations have moved to tools like our Wiki’s, ticket tracking systems or product roadmap collaboration sites. This means more people have access to sensitive information. That’s why it is more important than ever for our security technologies to reliably surface the data and files that are being shared internally and externally, whether unintentionally or maliciously. The speed of detection and response to data loss, leak and theft are critical to business continuity.”

For more, read the full article on DevPro Journal.

How to Handle the Risk of Insider Threats Post-COVID-19

Excerpt from an article by Dr. Michael G. Gelles in Search CIO

“For many organizations, the COVID-19 pandemic has, like an earthquake, shifted the ground beneath them. The current crisis presents organizations with an entirely new and unfamiliar set of risks to manage. As those organizations balance protecting their workforce with keeping business running, they also cannot lose sight of protecting against familiar risks as well. Specifically, the pandemic may increase the risk that negligent or malicious insiders may pose to critical assets and data.

“Given this ‘new normal,’ there is value in refining current approaches to better protect critical assets even as the situation constantly changes.”

For more, read the full article on Search CIO.

Employees Abandoning Security When Working Remotely

Excerpt from an article by Help Net Security

“While 91% of IT leaders trust their staff to follow best security practices when working remotely, 52% of employees believe they can get away with riskier behavior when working from home. 48% cite “not being watched by IT” as a reason for not following safe data practices, closely followed by “being distracted” (47%).

“Additionally, staff report that security policies are a hindrance — 51% say such policies impede productivity and 54% will find workarounds if security policies stop them from doing their jobs.”

For more, read the full article on Help Net Security.

Code42