FEATURE
cybersecurityeurope
Digital upheavals, Software-as-a-Service flaws, and workers who say the data they create actually belongs to them: just some of the factors that drive the new generation of mixed – and mixed-up – insider threats...
MORE ORGANISATIONS HAVE BECOME SAVVY TO THE REALITY THAT INSIDER THREATS ARE NOW AS PREVALENT AS the malicious attackers who try to hack through the cyber security perimeter from without – they can also prove more difficult to detect, despite the fact that a CISO might pass a digital malefactor in the corridor two or three times a week, or even work right alongside them. Yet despite heightened commitments to invest in internal security monitoring tools (see Cyber Security Europe, Autumn 2018 issue), a range of evidence suggests that the insider threat has not diminished in scale over the last 18 months. Indeed, more than 50% of c-suite executives who responded to BetterCloud's State INSIGHT
of Insider Threats in the Digital Workplace 2019 report whose organisations are embarked upon greater cloud adoption say that insider threats are now among their top five security concerns. And it’s not the same old threat multiplied. The intrinsic nature of insider threats is changing, due to a confluence of otherwise disassociated factors. This has morphed the challenge away from a threat represented nominally by untrustworthy, crooked or malevolent employees motivated by illicit personal gain or revenge. This sounds as old news to seasoned cyber security practitioners, but may come as somewhat of a shock to non-technical senior executives who have acquired responsibility for enterprise cyber governance.
Insider threats of all shades are on a marked increase. Those that involve employee or contractor negligence show the biggest rise.
GENERATIONAL DATA OWNERSHIP PERCEPTIONS HAVE EMERGED... Research from Egress Software Technologies highlights that attitudes towards data ownership and data responsibility vary significantly between generations of staff employed within an organisation. The heart of the problem, Egress argues, is growth of unstructured data – the data that employees use/interact with to do their jobs. The escalation of data share tools that employees use both inside and outside of organisational perimeters compounds this, plus the fact that low-rank employees don't place the same value on company data as their bosses.
20
