Insider threats to network security don’t have to be malicious to be costly. Employee workarounds and policy violations create significant security risks.
(April 14, 2021) Remote work has brought many benefits to both employees and employers, but it has also heightened network security threats. Away from the watchful eye of the IT team, many employees are engaging in behaviors that put applications and data at risk.
A Trend Micro study released in July 2020 found that users frequently circumvent company security policy if it makes their jobs easier. For example, 56 percent say they use nonwork applications on a company device, although 64 percent acknowledge that this is a security risk. Thirty-nine percent say they often or always access company data from a personal device — almost certainly breaking company security policies.
Eighty-five percent claim to take instructions from their IT team seriously, yet 34 percent agree that they don’t give much thought to whether the apps they use are sanctioned by IT. Additionally, 29 percent think they can get away with using a nonwork application because the solutions their company provides impede their ability to perform their job functions.
“When employees ignore cybersecurity guidance, they put the entire organization at risk,” said Mark McClelland, co-founder and VP of IT, Mainstream Technologies. “While it’s encouraging that most employees take advice from their IT team seriously, all it takes is one user clicking on the wrong link or attachment to cause a network security incident are counting on that aspect of human nature and are ramping up attacks that prey on human error and workarounds that circumvent security controls.”
The Cost of Insider Threats
User violations of security policies fall under the umbrella of “insider threats.” Many people think of an insider threat as an employee who purposely steals data or sabotages systems. However, a recent Ponemon Institute study found that 62 percent of such incidents did not involve malicious intent. They are more likely to involve “negligence” or “human error,” in which users unintentionally mishandle sensitive data or commit policy violations with “workarounds” that bypass IT processes.
That doesn’t mean they’re benign. Network security incidents involving negligence cost an average of $307,111, according to the Ponemon Institute’s 2020 Cost of Insider Threats Global Report. The average number of incidents involving negligence has increased from 13.2 per organization in 2018 to 14.5 per organization in 2020.
The Harvard Business Review has estimated that at least 80 million insider attacks occur in the U.S. each year, although that number may be quite low because such events often go unreported. The increasing use of employee-owned devices in the workplace is creating more risk. However, many organizations admit that they still don’t have adequate safeguards to detect or prevent attacks involving insiders.
“Organizations of all sizes should be concerned about the costs and risks associated with insider threats,” said McClelland. “It’s much easier for hackers to gain access to the IT environment through an employee, contractor or third-party vendor than to try to circumvent security controls. That said, there are a number of steps organizations can take to reduce the risk of insider threats.”
How to Combat Insider Threats
Organizations should establish appropriate use guidelines for their technology assets. These policies should be precise, easy to understand, and frequently reinforced with employee education programs.
Organizations should also ensure that their security infrastructure isn’t entirely focused on outside threats. Firewalls, intrusion prevention and anti-malware solutions are essential but don’t address threats from inside the network.
Access control solutions improve visibility and control of network activities. They perform authentication and authorization functions and can restrict access to key resources based on role- or identity-based policies. Access control solutions can also identify patterns of behavior by users or groups that might signify misuse, unauthorized intrusions or malicious attacks.
Data loss prevention (DLP) solutions examine outbound network communications such as email and file transfers, as well as host-based activities such as copying files to removable media. DLP scans will generate alerts if any of these activities violate company policies.
Content-filtering solutions can filter web-based applications, identify malware signatures, and examine instant messaging and email to protect against data leakage. They can also enforce access policies on remote and mobile devices that are used outside the network.
“There is a tendency to think of security breaches as sophisticated attacks by external hackers. However, data loss is often the result of user error or security policy violations,” McClelland said. “With many employees working outside the office, organizations need security tools that protect against insider threats.”
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.