New research shows that the shift to an almost fully remote workforce has significantly changed the behaviors of ‘trusted insiders’ in 2020. In a series of interviews with hundreds of businesses across a diverse range of industries, researchers found a 450% increase in employees circumventing security controls to intentionally mask online activities and a 230% increase in behaviors that indicate intent to steal data.
The findings published by DTEX Systems this week paint a worrying picture about the so-called ‘trusted insider’ – “once thought to be reliable and responsible are [now] changing their behaviors and increasing the risk of data loss, external attack and regulatory compliance violations for their employers,” according to the firm’s CTO, Mohan Koo.
The equilibrium of employee security and trust has been disrupted abruptly in 2020, Koo said in the report. And the key findings indicate just that:
“The growth in premeditated data theft attempts and intentional activity masking behaviors by employees strongly suggests that companies are facing a heightened risk of data loss as virtual employment models become the norm, furloughs are extended and reduction-in-force actions continue,” according to the report.
The culprits are said to be ineffective network and endpoint security and lax or inexistent data loss prevention tools. The findings indicate that organizations must prioritize the human-element and workforce behavior in relation to data, process, and machines as a pillar of their next-generation security and IT technology strategies, the researchers said.
A similar study published by Tessian indicates that nine in 10 data breaches are caused by mindset lapses, pinning the root cause of almost all cyber incidents on insiders. Jeff Hancock, a leading communications professor at Stanford, says employees are reluctant to admit to their errors if employers judge them too harshly.
And yet another study by The Ponemon Institute (commissioned by Forcepoint) shows that current cybersecurity tools are ill-prepared to combat insider threats. Indeed, securing the human layer takes a holistic approach – especially with more and more organizations relying on a remote workforce.
Bitdefender GravityZone is an integrated endpoint protection, risk management, and attack forensics platform, enhanced with user behavior risk analytics. IT reps can leverage integrated risk management and analytics to continuously assess, prioritize, and address misconfigurations and vulnerabilities, including those triggered by humans.
Bitdefender Network Traffic Security Analytics (NTSA) detects advanced network-based attacks in real time and triggers autonomous incident response. Using a combination of machine learning and behavior analytics with insights from Bitdefender cloud threat intelligence, NTSA offers much-needed threat context to detect any network-borne anomaly, from external malice to insider negligence.
tags
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.
View all postsDon’t miss out on exclusive content and exciting announcements!