Now more than ever, insider threats pose a serious risk to financial institutions, especially those that have transitioned to alternate work environments to ensure business continuity, warns Fortinet.
Fortinet’s 2020 Securing Remote Work Survey revealed that the shift to remote work was putting pressure on security teams and increasing the risk of breaches.
The pandemic has created the perfect storm in which to cultivate insider risk. People have been working from home, leading to lax security habits – in fact, 62% of employees say they don’t follow security protocols as closely as they do when they’re in the office. They’ve also been relying on collaboration tools like Google Drive and Slack, and personal cloud applications and storage, making data more portable and its movement – invisible. And turnover across all industries is increasing, encouraging many people to bring data with them when they start new jobs. All these factors lead to increased Insider Risk, and businesses must be on high alert.
Most organizations don’t want to consider the possibility of insider threats, but they are a serious issue that should always be in mind. Disgruntled or fired employees seeking revenge, employees moving to a competitor with intellectual property they stole before leaving or untrustworthy contractors can wreak havoc on your business. What if an external threat actor would offer your employees easy money to just do a quick action on one of the company’s computers? How would the company detect it?
Across sectors, insider threats have risen in the past couple of years. Seven out of 10 organizations in general report insider attacks becoming more frequent, according to a report by Cybersecurity Insiders. While the 2021 Verizon Data Breach Investigations Report (DBIR) highlighted that external threat actors still outpace internal ones, insiders now account for 39% of data breaches, said Michael Welch, managing director, MorganFranklin Consulting. “And it is essential to understand that no industry is immune.”
Instances of insider fraud are on the rise, along with the costs and complexity of those attacks. The PwC Global Economic Crime and Fraud Survey 2020 found that 37 percent of fraud that affects businesses is committed by internal perpetrators. PwC expects that number to rise as subsequent surveys more fully reflect recent changes to work arrangements.
“Cloud”-y with A Chance of Trade Secret Theft: How Your Company Can Protect Against Cloud-Based Data Pilfering
Misappropriation of trade secrets and confidential information used to involve an employee walking out the door with a box of records they spent hours copying after hours. As technology has advanced, departing employees have begun to misappropriate more efficiently. This usually involves emailing documents to personal Gmail accounts or transferring reams of data onto external hard drives or other USB storage devices. Some employees have found even their smart phones are a helpful tool to remove or store pilfered trade secrets. But now that many organizations have begun using cloud-based storage and filesharing platforms – which can be less expensive and easier for employees to use – employers are having a harder time protecting their assets by preventing departing employees from walking off with the electronic equivalent of the “box of docs.” What can your company do to prevent this modern form of thievery and what can you do should you uncover it?