
As 2020 comes to a close, news of a vaccine for Covid-19 brings a sense of optimism for the new year ahead. However, as governments pull the plug on furlough schemes and a global economic downturn looms, many organizations find themselves planning the restructuring and redundancies necessary for business survival, leading to a rise in insider threats.
At the start of the pandemic, businesses quickly adapted to remote working to manage new legislation that kept employees at home. The sudden onset of remote working brought many challenges for organizations and employees alike, and indeed opportunities for cybercriminals, who capitalized on those not well prepared for changes in the way we now work.
Insider Threats
Those responsible for IT security have spent the past several months effectively trying to keep cybercriminals at bay, but with the economic uncertainty we now face, they must also consider the threats that lie within the company walls.
We know from experience that relying on perimeter defense and anti-virus software to prevent cyberattacks is an antiquated approach that is no longer effective in the fight against modern cybercrime. The sheer number of threat vectors virtually ensures that cybercriminals will get in if they want to, and in many cases they are already inside, waiting for the right time to activate and launch an attack.
We must not forget that many organizations face an even more imminent danger: the insider threat. Leading analyst firm Forrester expects insiders to be responsible for a third of breaches in 2021, up 8% from 2020, mostly due to the increase in remote working. Of course, not all threats are of malicious intent. Employees struggling to balance work life and family stress during a pandemic could easily be forgiven for being less focussed and more distracted. Unfortunately, those distractions can lead to accidental threats, in many cases simply not taking the time to validate what may appear to be a legitimate email before clicking on a phishing link, a simple mistake that can have disastrous consequences.
While organizations should expect that most employees are behaving appropriately, they should also consider that some may not, and prepare accordingly. At a time when financial stress could lead people to act in a way that is out of character, employees may be motivated to act unscrupulously for financial gain, particularly in a year when bonuses and pay rises are highly unlikely.
Disgruntled insiders, economic uncertainty, and the loss of valuable company data and trade secrets can spell disaster. Unfortunately, departing employees pose one of the biggest risks for organizations, a risk heightened at a time when employees are working from home and data is decentralized on devices residing outside the company network. Detecting and preventing any unauthorized data from leaving the company, no matter where employees are based, is critical to mitigating the risk of insider attacks.
Data Exfiltration
Any attack, be it for monetary, political or competitive advantage, relies on the removal of data from the organization. Infiltrating a network or device does not, in itself, equate to a successful attack. An attack is only successful if unauthorized data is stolen or removed from a device or network. Organizations must be able to monitor, detect and prevent unauthorized data exfiltration in order to mitigate the risks associated with data loss.
The challenge is that data exfiltration can be very difficult to detect, particularly when it comes from an insider. As data routinely moves in and out of an organization, exfiltration can closely resemble normal network traffic, meaning that data loss incidents can go unnoticed by IT staff until it’s too late. A preventative approach that can monitor data exfiltration in real time is essential for detecting unusual behaviour before the unauthorized data transfer can occur.