Connecting the information security community

Author Bio ▼

Part of the Informa Network, Dark Reading is a trusted online community for cyber security professionals, including CISOs, cyber security researchers and technology specialists. Covering the latest threats, vulnerabilities and cyber attacks, Dark Reading supports community members in keeping up with the latest in the sector.
November 13, 2020

Sign up to free email newsletters

Download

Whitepaper: Effective Techniques for Robust OT Security

Dealing with insider threats in the age of COVID

Dangerous grey areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working. So says CEO of Vectra, Hitesh Sheth, writing for Dark Reading.

Insiderthreat-Ovum-20Although the toll of an insider attack in North America can cost a company more than $11 million a year, many still consider insider threats to be too rare to constitute a real threat. Attacks resulting from insider threats are widely regarded as extreme outliers and consequently taken less seriously by leadership and security teams.

Nonetheless, companies should be mindful of dangerous grey areas, especially when considering attackers are always looking for the path of least resistance. These grey areas may include new bring-your-own-device policies and shadow IT devices that result from the rapid shift to remote work or high employee turnover rates.

The average impact of insider threats does not say anything about the overall frequency. Even if the average per-breach loss to a company is minor, cumulative losses can intensify if insider threats occur frequently. And this doesn’t include reputation loss, which is tough to measure and harder to overcome.


DOWNLOAD: Working with the Insider Threat


The threat landscape has broadened and diversified, especially since the COVID-19 outbreak. The global workforce is now largely remote and can work from just about anywhere – not just at home. A lack of security awareness of exploits – such as email phishing attacks and voice phishing attacks that target employee VPN credentials – can be costly.

Reduced and changing worker loyalties to employers and higher employee churn rates also expand the grey area. Examples include unintentional misbehaviour and misuse of resources, neglected security vulnerabilities, violations of company policies, and theft. The 2018 trade secret dispute between Waymo and Uber underscores the huge risks employers face in safeguarding intellectual property (IP) when employees leave.

Not all grey-area cases result in catastrophic losses, but they can quickly become very costly in aggregate. A growing number of smaller cases occur below the radar with rarely a mention from victimised companies. The danger is that negligent and malicious practices in the grey area become widely accepted without acknowledgment and action.

Besides a strict reinforcement of nondisclosure agreements that protect company IP, employees must understand that preserving confidential information from a previous employer is unlawful. Employee awareness and training are important factors in changing employee attitudes about ethical standards in the workplace, and employers must be prepared to practice what they preach.

I recommend that company leadership dedicate resources to consistently uphold these ethical principles, even if it means denying new employees from sharing information from their prior employers that could benefit you in the short-term.

darkReading-logo


This story first appeared on Dark Reading. Part of the Informa Network, Dark Reading is a trusted online community for cyber security professionals, including CISOs, cyber security researchers and technology specialists. Covering the latest threats, vulnerabilities and cyber attacks, Dark Reading supports community members in keeping up with the latest in the sector.


 

Keep up with the wireless access control market

Download this free report to find out more about:

  • The current state of wireless access control solutions in the market
  • The developing ‘move to mobile access control’ trend
  • Views on open architecture and integration
  • The growing use of the cloud and ACaaS to manage access systems
  • How important is sustainability to the industry?

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments