Ahhh–Those were the days.
People’s work day used to consist of busy commutes to and from the office, bookending a 9-to-5 office life-well sometimes longer.
The traditional work day was sidelined during the pandemic, when people across the globe erected makeshift home offices powered by the digital collaborative systems that allowed them to keep moving forward. Employees needed to quickly adapt to perpetual remote work both culturally and process-wise and organizations had to arm their employees with the tools and resources to support this new work style to maintain productivity, collaboration–and many times to actually keep the business lights on. Many pivoted and thrived through the digital transformation mandate–but they also generated greater Insider Risk vulnerabilities with key ideas and sensitive data now ever-living more out at the edge.
Now, as companies emerge from the pandemic, it’s predicted that this new remote and hybrid world is likely here to stay. That, coupled with the fact that, according to research from Microsoft, over 40% of the global workforce is considering leaving their employer this year, means that corporate data will remain out in the open, at the edge and at greater risk.
Code42 recently partnered with Cybersecurity Insiders for a survey examining the Insider Landscape. Key findings include:
- Security professionals are more concerned about inadvertent (71%) or negligent (60%) data leaks than malicious data breaches (52%)
- 52% find it more difficult to detect and prevent insider attacks than external cyber attacks
- 62% are concerned or very concerned about insider risk
- Only 29% of organizations currently use an insider risk management solution, despite being more concerned about accidental data leaks
- 65% of security budgets will either stay the same or decline
Cybersecurity Insiders Founder Holger Schulze and Code42 VP of Security Research & Strategy Mark Wojtasiak recently got together to discuss the report and how to stop corporate data loss while supporting greater business agility and open collaboration without disrupting employees.
You can check out their discussion here. Some of the key highlights below.
Four Key Contributors to Insider Risk
At its core, Insider Risk is a data protection problem.
When we think about catalysts and causes of concern, there are four key contributors:
- Bypass Culture – According to the Insider Landscape Report, 89% of CISOs believe that the speed of employees’ work puts data at greater risk. This leads to non-compliance with data use policies, and it’s hard to keep up with the speed in which data is flowing within an organization.
- Dynamic Workforce – The workforce (work from home movement) has changed and employees are 85% more likely to leak data now than pre-pandemic (source: DER 2021, published Dec. 2020). This introduces new areas of concern with the hybrid workforce, the growth of shadow IT, and personal productivity (cloud services used by employees on and off the network).
- Technology Gaps – There is always going to be a technology gap. Security teams do not have the tools and resources to manage this gap and 91% of security teams say they lack the purpose-built technology to document Insider Risk (source DER 2021, published Dec 2020). This often leads to security burnout.
- Security Burnout – With 63% of security teams unable to prioritize corporate data leaks that matter, this adds so much noise. How do security teams discern what is noise and what is material risk to the organization? Not knowing the answer to this question can lead to burnout and eventually turnover, which poses a security risk in and of itself.
Corporate data loss, major revenue hits and businesses’ very viability are at risk. Insider Risk has evolved into a culture problem that needs to become a greater data stewardship, governance and board-level imperative–to be monitored, managed, and maintained. Insider Risk Management approaches can help stop corporate data loss while still encouraging a collaborative work environment.
Want to learn more?
Download the Insider Landscape Report.