One thing is clear: everyone is waking up to the reality that mitigating insider threats can’t be done with rules alone or by monitoring a select few high-risk individuals. We are well past the days of Robert Hanssen and Edward Snowden. Every user is a potential threat: malicious, compromised, negligent or otherwise. In fact, according to Forrester Research’s latest insider threat report, Best Practices: Mitigating Insider Threats, inadvertent misuse of data accounted for 39% of the data breaches that survey respondents attributed to insiders. So how is an already overworked cybersecurity team, drowning in data and alerts, supposed to protect a distributed workforce and prevent data loss while finding malicious actors, all without invading the privacy of trusted insiders and third parties? It’s not easy, but it can and must be done, according to Forrester.
Even Low-Level Malicious Insider Threats Cause High-Level Damage: Malicious Insider Threats Are Growing and That’s Bad News for Businesses
No company wants to think that one of its staffers may be trying to harm the business instead of helping it, but that’s frequently the case, especially in tumultuous times like these. While most insider threats come from well-meaning but incautious employees, 23 percent of insider threat incidents are the result of deliberate, malicious acts. Spotting and stopping malicious insider threats has to be a priority for every company before those threats become expensive and damaging cybersecurity disasters.
As with so many other things in the federal space, the COVID-19 pandemic has accelerated agency adoption of zero trust approaches to security. When federal agencies moved to a primarily work from home model, it greatly expanded their risk footprint as the endpoints they had to secure were now outside the traditional network boundaries, forcing them to respond to a new paradigm. But while zero trust helps agencies secure their networks against outside adversaries, insider risk can still be a major problem, and many data loss prevention strategies leave gaps and do not effectively address insider risk.
Insider Risk Management builds a framework around the new paradigm of “risk tolerance,” aiming to give security teams the visibility and context around data activity to protect that data, without putting rigid constraints on users. The pandemic accelerated digital transformation in the enterprise. It’s not just the dramatic shift to remote work; it’s a profound shift toward prioritizing speed and flexibility as the drivers of a company’s competitive advantage. But as faster, more agile ways of working dramatically increase the data security risks stemming from our own employees, they force a reckoning: how do you manage these growing risks without impeding speed and agility in your business? The answer is a new category of data security technology: Insider Risk Management (IRM). Attention around insider risk is growing. According to Gartner, “Security and risk management leaders have observed an increase in demand for assessing and managing Insider Risk, including surveillance of high-risk workers and anomaly monitoring of critical applications and data.”
Cybersecurity companies Intsights and Positive Technologies both identified Mustang Panda last year as an advanced persistent threat group behind a number of COVID-19-themed attacks on people in Vietnam and Mongolia. The attacks involved COVID-19-related phishing emails carrying malicious .rar archives that, when extracted, installed a backdoor trojan on the victim’s machine.