We all knew the overnight shift to remote work and cloud-based productivity and collaboration would dramatically change the Insider Risk landscape. But now, with nearly a year of data to look at, the Code42 2021 Data Exposure Report (DER) shows that the impact is pretty staggering:
- Employees are 85% more likely to leak sensitive files today than they were a year ago, before the COVID crisis hit.
- 3 in 4 IT security leaders experienced at least one data breach involving the loss of sensitive information in 2020.
- Insiders (malicious or just careless) were named the biggest source of data breaches by IT security leaders — ahead of external attacks.
- Despite all of this, less than 20% of 2020 security budgets were spent on Insider Risk — and more than half of organizations don’t have a formal Insider Risk response plan in place.
A whole new threatscape
The post-pandemic world of work is defined by the incredible speed and diversity of data activity. Employees are connecting remotely (using the VPN just 10% of the time, according to Code42 research), using cloud collaboration and productivity tools to zing files and data back and forth. They’re downloading, uploading, emailing, messaging, syncing, sharing, DropBoxing, Google Driving, AirDropping and more — all day, every day. They’re also facing pressures that amplify Insider Risk — working different hours, longer hours, catching up on nights and weekends, and dealing with overarching economic uncertainty and job insecurity.
None of this is going away anytime soon. Many companies have already postponed a return to the workplace until 2022. A December 2020 report from PricewaterhouseCoopers found that two-thirds of IT executives expect at least 25% of their workforce to remain permanently remote, and Forrester estimates full-time WFH levels will remain 3-4x higher than pre-pandemic. The Insider Risks in this flexible world of work are only growing. Forrester predicts that 1 in 3 data breaches in 2021 will stem from insiders, and the Code42 2021 DER found that 6 out of 10 IT security leaders believe insider threats will increase, or increase significantly, over the next two years.
A major paradigm shift in risk tolerance
Here’s a great anecdote that shows how the approach to enterprise data risk has profoundly changed in the past year: The U.S. State Department — one of the most high-security organizations in the world — is embracing the concept of risk tolerance. In a November virtual summit on security transformation, Gerald Caron, director of Enterprise Network Management within the State Department, explained that the organization quickly moved from believing employees would “never access [networks] off-prem,” to being forced to “learn what our risk tolerance really is.”
The State Department might be among the last to adopt this risk tolerance approach. Even before the pandemic, businesses were increasingly establishing a competitive advantage by building cultures rooted in speed, agility and collaboration — freeing employees to work in smarter, faster ways. The pandemic was a definitive force accelerator in this paradigm shift. Nearly every organization now acknowledges they must tolerate some level of Insider Risk in order to enable the agility, speed and innovation required to survive and thrive in today’s business climate. This even led Gartner to create an entirely new category of data security solution: Insider Risk Management*.
The reality is that Insider Risk management is much more nuanced than the traditional notion of insider threat prevention. Conventional, policy-based blocking tools like DLP and CASB are just too rigid to handle this nuance. That’s why the Code42 2021 DER found that most IT security leaders are dealing with daily or weekly complaints that legitimate employee work is being blocked.
Now’s the time to start building an Insider Risk Management program
2021 isn’t about reining in users. It’s an opportunity to keep the momentum we’ve gained in terms of productivity, collaboration and business agility — and layer on a forward-thinking security posture that’s ready to adapt with the fast-moving, collaboration-driven culture that the C-suite is fostering. Security teams need to put technologies and processes in place that can identify risky behaviors without inhibiting the organization’s collaborative culture and employee productivity. We need technologies that flag Insider Risk Indicators, such as working off-hours, changing file extensions, having access to the files of a highly confidential project or resigning from the organization. Ultimately, it’s all about context. Security teams need to see the context — around the data, the vector and the user — in order to walk the line between managing Insider Risk and enabling the speed and agility that are critical for their business.
*Gartner Market Guide for Insider Risk Management Solutions, Jonathan Care, Brent Predovich, Paul Furtado, 29th December 2020.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.