Spotlight on insider risk to protect the digital business
What is one of the clearest indicators of insider risk? A letter of resignation. Surely you’ve heard of such a case that started five years ago when a highly paid (nine figure highly paid) and trusted engineer at Google took a mine of confidential documents and launched a competing start-up. . He quickly sold the start-up to Uber. In 2018, Google and Uber agreed to a nine-figure settlement. A year later, engineer Anthony Levandowski faced nearly three dozen criminal charges for theft of trade secrets. He pleaded guilty and was sentenced to 18 months in prison. Just a few weeks ago, he inexplicably received a presidential pardon, setting a dangerous precedent for insider risk.
When we talk about insider risk, the cost is not arbitrary or theoretical. This can represent millions – even billions – of dollars. And it’s one of the fastest growing data security vulnerabilities organizations face today. With rapid digital transformation journeys fueled by collaboration technologies and cloud platforms, it has never been easier for employees to secretly (like Levandowski) or inadvertently exfiltrate data. In fact, the other day we saw accidental data exfiltration and data infiltration events in our company when the data was synced with personal iCloud accounts without the user’s knowledge due to iCloud settings . What does it look like? A brand new employee brought in a virtual stack of documents from her former employer, another security company. The documents just automatically synced to her iCloud account before she left her last employer and re-synced to her new laptop at Code42 when she created her iCloud account – she didn’t know Apple had iCloud turned on. Drive by default. This kind of exposure happens every day. And it will continue to happen in today’s distributed work environments.
Code42’s latest insider risk data exposure report found that business leaders and security officials are allowing massive insider risk issues to continue due to the shift from work to distance in 2020. Insider risk will continue to plague organizations this year, and with the stakes this high, security teams need to be prepared. Here are some tips for controlling insider risk and preserving your digital business this year:
Adopt and then secure the culture of collaboration: The pandemic has proven several things to businesses. It showed that employees today are more likely to disclose data than they were less than a year ago. But it also revealed that the culture of collaboration – with a widely distributed workforce that uses file-sharing technologies – is very productive and here to stay. Security teams need to embrace changes in workplace culture and adapt their insider risk strategies accordingly.
Take a new approach to data security: Organizations today face multiple challenges when it comes to creating and running insider programs, including questions about the ownership of data and quality programs, processes and tools. lower and anemic budgets. To improve their security posture, organizations need to revamp their insider risk management strategies and directly address existing gaps in their programs.
Invest in modern insider risk management technology: To secure the culture of collaboration, technology can’t frustrate employees, hinder and block legitimate work and collaboration, force productivity workarounds, and leave security teams blind to file movements. As the wave of insider risks continues to escalate, it’s critical that security teams overhaul their tech stacks.
An unprecedented year, 2020 challenged organizations in ways we never thought possible. We were constantly forced to scramble to cope with massive and sudden changes. Security teams were stretched – often faced with budget and resource cuts at the same time – as they moved organizations completely remotely overnight in March.
The massive business impact of insider risk is too often overlooked. In fact, the Data Exposure report shows that organizations aren’t even measuring the effectiveness of their internal risk mitigation programs, and this inattention will threaten the future of the digital business. If we are to keep our organizations safe this year, while ensuring a strong collaborative culture, we need to be proactive and ensure that we have internal risk protocols, plans and technologies in place.
About the Author: