InfoSec Insider

Why Cloud, Collaboration Breed Insider Threats

Many employees don’t follow company security policies when they use handy productivity tools.

When it comes to facing insider threats, many enterprises seem to be suffering from a type of organizational cognitive dissonance – as in, they hold two, seemingly contradictory beliefs when it comes to the cloud and the collaboration tools that they use.

Specifically, business leaders and information-technology executives essentially agree that employees need access to effective tools that enable them to collaborate and be more productive. Yet, they also realize that these same staff and tools can place their organization at substantial risk.

Consider this: Within the 2019 Global Data Exposure Report, of the 38 percent of companies that reported enduring a data breach within the past year and a half, more than half identified that an employee played a part in that breach.

Of course, sometimes insider risk is due to insiders acting in a malicious way: outright stealing data for fraud or to sell or take to competitors. But that’s not always the case.

The report found that many of these breaches could have been caused, at least in part, because staff tend to use software and online services as they see fit for their work – not according to security policy.

According to the business decision-makers surveyed, employees face increasing pressure to get their work done – and to do so, they often step outside accepted security protocols. Further, they also use applications and services that haven’t been sanctioned by their security teams and, doubly troubling, are not configured to provide security teams visibility into data use. In fact, one-fifth of respondents stated that they don’t understand security protocols and that employee turnover is considerably high.

This is all a clear organizational risk gap – and in fact, 77 percent of information-security leader respondents agreed that this most significant data risk to the organization.

Why staff are choosing to work as they please without considering data security policy is understandable. Business leadership want employees to be more collaborative and productive. And to do so, organizations are implementing – or allowing the use of – cloud services and collaboration tools. And, unfortunately, our survey found that employees commonly choose to treat (and use) organizational data in any way that makes their jobs easier or enables them to best do their job.

Further, odds are that staff brought ill-gotten data with them from a previous employer. Surprisingly, 27 percent of information-security professionals don’t bother to monitor what data employees bring into their organization. Some organizations are setting themselves up for lawsuits when it’s discovered that their products or services are built on some other organization’s intellectual property.

It’s also important to note that when it comes to the insider threat, it’s not just front-line workers that are risky. Business and security leaders can also create significant insider risks. In fact, business leadership often defies organizational security policy, according to our survey, and 72 percent of CEOs admit they’ve taken intellectual property from a former employer. The survey also found that 65 percent of information security leaders themselves admit to bringing information from their previous position to their new employer. Somewhat surprising, information-security leaders polled higher when it came to this activity than any other employees in the business.

It’s a big challenge, and solving this chasm between wanting to provide the freedom and the toolsets that staff and other insiders need to do their jobs effectively, and to also protect company data and intellectual property, is critical. In fact, more than two-thirds of information security leaders agree that a lack of coordinated security planning is putting their organizations at risk — and yet most continue not to have such planning in place.

How to resolve the conflict? Organizations need a clear data policy that explicitly sets down the data ownership and usage policies: who owns the data, and how and where it’s to be used. The data ownership and usage policies need to be supported through periodic security-awareness trainings, and during employee on- and off-boarding. When employees put in their notice – because when employees depart is one of the riskiest times for data exfiltration – is also another time for the data ownership reminder discussion.

And, of course, insider risks are also mitigated with good data security best practices in place, such as continuous monitoring of data movement and good access control.

The survey shows though that business and security leadership still have a long way to go before they can not only practice what they preach, but also close the gap and better manage the risk associated with insider threats.

Rob Juncker is senior vice president of research and development and operations at Code42. 

Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting our microsite.

Suggested articles

Conducting Modern Insider Risk Investigations

Insider Risk Management requires a different approach than to those from external threats. IRM is unique from other domains of security in that the data sources which serve as inputs are as often people as they are tools. Shifting the analyst‘s mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.