Much has changed in a short time. With the rush to work remotely at the onset of the pandemic, digital transformation has shifted from a strategy of growth and productivity to a business imperative necessary for organizations to run smoothly. Even organizations that were already hybrid suddenly had to take on a whole remote staff overnight. As we move, with stops and starts, into the new world of hybrid remote working, it’s obvious there is no turning back.
Digital transformation timelines jumped seven years in a matter of weeks at the start of 2020 and things aren’t slowing down anytime soon. We are now overcoming the crest of a second wave of digital transformation sweeping through every business and industry as businesses aggressively target growth. This second wave is great for innovation, but it comes with an inherent risk that can have unexpected ramifications in any business: insider risk increases, and it threatens to limit the speed, agility, and innovation over which companies. organizations count to fuel their growth.
WHAT YOU SHOULD KNOW ABOUT INSIDER RISK
Insider risk is not a new issue, but it is becoming increasingly urgent due to the changes brought by this new world of hybrid remote working. Information security teams have focused on external cyber attacks (malware, DDoS attacks, ransomware) and rightly so. Newspaper headlines are consumed by these types of attacks, creating a sense of urgency and the impression that external attacks are the most damaging. In my experience, this is no longer the case.
Insider risk is any user-induced data exposure event, whether malicious, negligent, or accidental in nature. Within your organization, think about all the files that have been uploaded, downloaded, synced, and shared across all continents and time zones. Whatever the intention, losing control of proprietary and sensitive data can have a significant financial, reputational and operational impact. They introduce competitive risk, for example, when the crown jewels (source code, product designs, roadmaps) end up in the wrong hands, as in the case of Proofpoint. From a financial standpoint, according to Aberdeen Research, the cost of an insider data breach can add up to 20% of a company’s annual revenue. The impact is real, and it’s time to fix it.
KEEP YOUR DATA FROM ENDING IN BAD HAND
Of course, technology is key to managing insider risk, but when we’re ultimately talking about trying to drive innovation, collaboration, and speed, we need to start by looking at who is at the center of it. all of this: your employees. Insider risk is created by employees, but that doesn’t mean you should treat them the same way you would treat an outside attacker. With hackers, the intention is clear: it’s malicious. But employees with no bad intentions could easily disclose data by accident or negligence.
To combat insider risk, treat your employees as allies in your cybersecurity efforts. It all starts with transparency. It’s important to tell employees exactly what the company is doing to monitor insider risk. If the organization is monitoring the movement of data, companies should communicate it to employees. Make sure they understand that the company trusts them, but that they also have to, as the saying goes, “trust, but verify”.
The most important part of making employees allies in the fight against insider risk is through security awareness and training. Companies want employees to use collaboration platforms intelligently and in line with company policy. This means that the company must first establish a well-thought-out policy, and then educate team members on the proper manners of handling data.
Even within the most educated and aware of security culture, there will always be risks to corporate data. The old-fashioned data loss prevention (DLP) tools designed 10 years ago just aren’t effective in this new cloud-based working environment, wherever you are. These legacy DLP solutions rely first on knowing where your data is, creating complex and endless policies, and then preventing users from doing their jobs.
Managing internal risk requires an approach that fundamentally changes the mindset of data security to focus on outcomes that deliver business value, and technology designed to protect data without interfering with collaboration. Insider risk is a barrier to growth and innovation. Effective management of insider risk is the key to unlocking the full potential of this next wave of digital transformation.
Ananth is a highly accomplished ecosystem of partners and a business development manager with deep expertise in the cybersecurity industry.