As 2020 comes to a close, news of a vaccine for Covid-19 brings a sense of optimism for the new year ahead. However, as governments pull the plug on furlough schemes, and a global economic downturn looms, many organizations find themselves planning restructuring and redundancies necessary for business survival leading to a rise in insider threats.
At the start of the pandemic businesses quickly adapted to remote working to manage new legislature that kept employees at home. The sudden onset of remote working brought many challenges for organizations and employees alike, and indeed opportunities for cybercriminals who capitalized on those not well prepared for changes in the way we now work.
Insider Threats
Those responsible for IT security have spent the past several months effectively trying to keep cybercriminals at bay, but with the economic uncertainty we now face, they must also consider the threats that lie within the company walls.
We know from experience that relying on perimeter defense and anti-virus software to prevent cyberattacks is an antiquated approach that is no longer effective in the fight against modern cybercrime. The sheer number of threat vectors virtually ensures that cybercriminals will get in if they want to, and in many cases they already are, waiting for the right time to activate and launch an attack.
We must not forget that many organizations face an even more imminent danger, the insider threat. Leading analyst firm Forrester expects insiders to be responsible for a third of breaches in 2021, up 8% from 2020, mostly due to the increase in remote working. Of course not all threats are of malicious intent. Employees struggling to balance work life and family stress during a pandemic could easily be forgiven for being less focussed and distracted. Unfortunately, those distractions can lead to accidental threats, in many cases simply not taking the time to validate what may appear to be a legitimate email before clicking on a phishing link. A simple mistake that can have disastrous consequences.
While organizations should expect that most employees are behaving appropriately, they should also consider that some may not, and prepare accordingly. At a time when financial stress could lead people to act in a way that is out of character. Employees may be motivated to act unscrupulously for financial gain when times are tough, and in a year when bonuses and pay rises are highly unlikely.
Disgruntled insiders, economic uncertainty, loss of valuable company data and trade secrets can spell disaster. Unfortunately, departing employees pose one of the biggest risks for organizations, especially heightened at a time when employees are working from home and data is decentralized on devices residing outside the company network. Detecting and preventing any unauthorized data from leaving the company, no matter where employees are based is critical to mitigating the risk of insider attacks.
Data Exfiltration
Any attack, be it for monetary, political or competitive advantage relies on the removal of data from the organization. Infiltrating a network or device does not, in itself, equate to a successful attack. An attack is only successful if unauthorized data is stolen or removed from a device or network. Organizations must be able to monitor, detect and prevent unauthorized data exfiltration in order to mitigate the risks associated with data loss.
The difficulty is that data exfiltration can be very difficult to detect, particularly from an insider. As data routinely moves in and out of an organization, exfiltration can closely resemble normal network traffic, meaning that data loss incidents can go unnoticed by IT staff until it’s too late. A preventative approach that can monitor data exfiltration in real-time is essential in detecting unusual behaviour before the unauthorized data transfer can occur.
Related Posts
The Johnson Controls Ransomware Attack – Impact and Key Insights Review
In September 2023, Johnson Controls International suffered a ransomware attack linked to the Dark Angels group, resulting in the theft of 27TB of sensitive data. The breach caused $27 million in losses and disrupted operations, highlighting the critical need for robust cybersecurity defenses.
The 2024 Vulnerability Crisis – Managing Cybersecurity Threats
Learn how organizations can meet the onslaught of cybersecurity vulnerabilities, along with five of the most common vulnerabilities and successful management strategies. Find out why there’s a new vulnerability every 17 minutes.
What is Data Loss Prevention? | A Complete Guide to DLP Security
Data is the most valuable asset today's businesses possess - and volumes are growing all the time. In this article we look at what data loss prevention means heading into 2025 and what should firms be doing to improve their capabilities?
BlackFog: Personal Liability Concerns Impact 70% of Cybersecurity Leaders
70% of cybersecurity leaders face personal liability concerns. Discover how it impacts governance, accountability, and cybersecurity practices.
Ongoing: New Ransomware Gangs in 2024
Ransomware gangs continue to break records and BlackFog will track all new ransomware gangs in 2024.
BlackCat Ransomware: What It Is and How to Defend Against It
Learn how to protect your business from BlackCat ransomware with essential insights, ransomware prevention tips, and actionable defense strategies to mitigate risk.