April 2, 2020

Reframing Insider Threat: What Does it Mean When Everyone’s Working from Home?

Carl Eberling
What does insider threat mean when everyones working from home

There’s no shortage of articles and blog posts discussing the near-term implications of our current situation. Cloud services and applications fill the void to help ensure employee productivity and business continuity. But what are the long-term business implications of a fully remote workforce as it relates to cybersecurity?

Board members and senior leaders of global companies seeking answers to this question can start by examining the changing nature of insider threats. Years ago, protecting against insider threats meant focusing cybersecurity efforts on keeping bad actors out. In recent years, hackers have executed increasingly sophisticated attacks to compromise employee credentials, which, when successful (such as this recent breach of 5.2 million consumers’ PII), allows bad actors to impersonate employees — thereby rendering many traditional cybersecurity defenses obsolete. Today, there’s  a growing problem: data exfiltration (any unauthorized movement of data) that happens more quickly than ever. And with the recent rapid and urgent shift to support remote workers at scale we can expect this will drive an exponential increase in data exfiltration opportunities for bad actors.

Data is the lifeblood of your business. As are your employees. And, to stay in business in the years ahead it has never been more imperative to employ security solutions that protect the digital crown jewels and those that interact with this critical IP. And as part of any good data loss prevention (DLP) plan there has to be a thoughtful security strategy as well around guarding against insider threats. This is both a back-office and front of house strategy that involves deploying security solutions that know where your critical data resides with the capability to automate security response as the risk level relevant to the digital identity accessing that data goes up or down. And, employees can be your strongest front line security defense with education and active security hygiene reinforcement, which is even more critical as the majority of workforces move remote.

For CISOs and their security teams, this also means we’re quickly moving into a new reality where compliance to global IT standards (ISO, NIST, CMMC, etc.) is only the starting point. This future will impact your employees, your departments and your business overall. Here’s a quick look at just a few of those implications:

Employee Implications:

  • It requires embracing new ways to work with colleagues and partners.
  • It requires them to be more diligent in how they handle sensitive company information, especially at remote workplaces.
  • It requires them to operate with a higher level of understanding how to keep data secure. It means embracing new security policies designed to protect both physical and digital data.

Departmental and Broader Business Implications:

  • Human Resources – This changes existing onboarding processes, ongoing training processes and employee termination processes. It also rapidly expands the concept of monitoring behavior in the workplace.
  • Facilities – It requires rethinking the definition of the workplace. It’s now expanded well beyond the borders of a company’s buildings. How do you secure your company’s physical assets beyond fixed assets you operate? Longer-term, it expands to include additional financial implications, since it most likely means redistributing assets and resources from central office structures to more distributed, remote work structures.
  • IT/Security – Beyond mandatory MFA, it is imperative today to have visibility into the context of where data resides, who is touching that data and how it is moving. To secure data in this new way of working, ingesting telemetry data about a connection or session can mean the difference between stopping a breach before it happens or launching an investigation into what was lost and its ultimate impact on your business.
  •  Product Teams – This most likely requires an expansion of agreements with contractors and business partners, especially as you think of them as an extension of your employee base.

Managing and supporting a fully remote workforce isn’t a one-time problem—it’s the new way of working. Many companies already struggle to manage insider threats to their data and security—a situation today made more complex as we try to secure a rapidly-expanding definition of the workplace. Business leaders who recognize the value in a first-mover opportunity and take steps today to mitigate the long-term business and cybersecurity impact of current events will ultimately garner a business advantage over competitive players slower to move. How businesses respond today will help determine the industry leaders of the future.

Scale your security strategy to protect people and data wherever work happens — learn more here.

Carl Eberling

Carl Eberling serves as Chief Information Officer at Forcepoint. In the role, he oversees all information technology, facilities and procurement matters for the company. Prior to Forcepoint, he served as an advisor to startups developing new technology. Before then, he served as SVP Information...

Read more articles by Carl Eberling

Über Forcepoint

Forcepoint ist einer der weltweit führenden Anbieter von Cyber-Sicherheit im Bereich Anwender- und Datensicherheit und hat es sich zur Aufgabe gemacht, Organisationen zu schützen und gleichzeitig die digitale Transformation und das Wachstum voranzutreiben. Unsere Lösungen passen sich in Echtzeit an das Nutzerverhalten an und ermöglichen Mitarbeitern einen sicheren Datenzugriff bei voller Produktivität.