Mitigating Non-Malicious Insider Threats in a Decentralized Work Environment

Modern enterprises need to plan for insider threats, in addition to external threats, in their cybersecurity strategy.

December 5, 2022

While much of the discussion around protecting data focuses on threats from outside an organization, insider threats can be just as damaging and deserve equal attention, says Manuel Sanchez, global product marketing manager at iManage.

The 2022 Cost of Insider Threats Global Report, based on research conducted by the Ponemon Institute, revealed that the average annual cost of insider incidents over 12 months was $15.4 million. 57% of respondents say the insider incidents involved employee negligence, and 51% say a malicious outsider stole data by compromising insider credentials or accounts.

An interesting highlight of those statistics is how many insider incidents were non-malicious. While the classic example of an insider threat in the public imagination might be someone within the organization who knowingly or maliciously accesses sensitive data that they shouldn’t or tries to steal it, plenty of insider threats can be attributed to people within the organization who unknowingly cause harm via negligence or accident.

A Challenging Environment  

In the current work environment, which has been shaped by the ongoing ripples of the Great Resignation, this type of non-malicious insider threat can manifest itself in several ways.  

For starters, with greater employee turnover and workers’ movement between different employers, organizations run a high risk of sensitive data leaving their firm undetected. For instance, a departing employee might decide to make a “backup” of various documents and emails from multiple projects they were involved with to a thumb drive. The employee is not motivated by personal gain but believes this behavior is acceptable. According to a recent survey, 53% of employees believe that a document belongs to them because they worked on it.

The problem here is that the content that the employee is copying and removing from the organization may contain a huge amount of sensitive data, whether that’s privileged client information, personally identifiable information (PII) for former and current employees, confidential financial details, or the inner workings of various highly sensitive contracts. 

These incidents are allowed to happen when the policies to protect knowledge and confidential information after an employee gives notice are not actively enforced and the technology to monitor, detect, and prevent exfiltration of sensitive data by departing employees is not fully leveraged. 

Aside from data loss, non-malicious negligence involving data could result in the breach of data privacy regulations like GDPR or the California Privacy Rights Act (CPRA); it could also violate the data-handling requirements that are specifically stipulated in a customer agreement. In either case, failure to comply would trigger costly financial penalties and serious reputational damage to the organization. 

These risks become even more pronounced in predominantly decentralized remote and hybrid working environments where data access and processing no longer occur within the office’s four walls. Given these challenges, how can organizations protect their data and ensure that their employees aren’t accidentally part of the problem rather than the solution when it comes to security? 

Create a Security Culture 

One of the first things that organizations can do if they want to mitigate non-malicious insider threats is to create a positive culture of security. This means that leadership should reinforce the importance of security in everything that each employee does every day, in the course of their work. Security awareness training that is recurrent and relevant to the employee’s role can help embed good security practices. The recurrent part is important: Security awareness training cannot be approached as a one-and-done, “tick the box and move on” type of exercise.

Keeping security simple, engaging, and transparent is also key. Security that is easy to implement and makes the benefits to the organization tangible helps employees want to be part of the culture of security. Additionally, communicating the benefits of compliance clearly and often – to individuals and to the organization as a whole – helps ensure that everyone is on the same page.

In this way, a security culture becomes second nature, and it helps reduce the incidence of non-malicious “human error”. And all this becomes seamless with the right technology and security controls to support these good practices. 

The Right Balance 

An ounce of prevention is worth a pound of cure, and technology can help lower the risk of non-malicious insiders causing problems inadvertently. 

For example, by segmenting data within an organization and putting up information barriers, only those who truly need access to sensitive content can access it. Remember the example of the departing employee who made a personal backup of various company documents? The right solution would provide the ability to set specific rules for departing employees and monitor for any unusual activity, such as downloading large amounts of documents. It would even go one step further and notify an administrator, warn the user, or disable the account. 

Aside from departing employees, the same level of monitoring can be used to build a profile of how each employee interacts with company information to build a behavior pattern that is unique to that particular individual. For example, in a typical week, it might be that Employee X usually only accesses files from the same 2-3 projects, from the office or their home in Chicago, and only downloads a small number of those files. Any anomalous activity that breaks from this normal pattern can trigger the same alerts and stop any potential malicious activity. 
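
The per-employee baseline and the stricter departing-employee rule described above, sketched as an added example (not code from the article or from any vendor product). The event fields, user names, thresholds and the mapping of deviations to the three responses are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, project, location, files_downloaded_that_day)
HISTORY = [
    ("employee_x", "proj-a", "office", 4), ("employee_x", "proj-b", "chicago-home", 6),
    ("employee_x", "proj-a", "office", 5), ("employee_x", "proj-c", "chicago-home", 3),
    ("employee_x", "proj-b", "office", 7),
    ("employee_y", "proj-d", "office", 10), ("employee_y", "proj-d", "office", 12),
    ("employee_y", "proj-e", "office", 9),
]
ACTIONS = ("warn_user", "notify_admin", "disable_account")  # least to most severe

def build_profiles(history):
    """Per-user baseline: usual projects, usual locations, download mean and spread."""
    raw = defaultdict(lambda: {"projects": set(), "locations": set(), "counts": []})
    for user, project, location, count in history:
        raw[user]["projects"].add(project)
        raw[user]["locations"].add(location)
        raw[user]["counts"].append(count)
    return {u: {"projects": p["projects"], "locations": p["locations"],
                "mean": mean(p["counts"]), "std": pstdev(p["counts"])}
            for u, p in raw.items()}

def evaluate(event, profiles, departing=frozenset()):
    """Compare one day's activity with the user's baseline; return (action, reasons)."""
    user, project, location, count = event
    base = profiles.get(user)
    if base is None:
        return "notify_admin", ["no baseline for user"]
    reasons = []
    if project not in base["projects"]:
        reasons.append("unfamiliar project")
    if location not in base["locations"]:
        reasons.append("unfamiliar location")
    # Assumed rule: departing employees get a tighter volume band (2 vs 3 deviations).
    k = 2 if user in departing else 3
    limit = base["mean"] + k * max(base["std"], 1.0)  # floor avoids a zero-width band
    if count > limit:
        reasons.append(f"download volume {count} exceeds limit {limit:.1f}")
    if not reasons:
        return "allow", reasons
    # One deviation warns, two notify, three disable; departing users escalate one step.
    severity = len(reasons) + (1 if user in departing else 0)
    return ACTIONS[min(severity, 3) - 1], reasons
```

The wide band for ordinary users and the floor on the spread are what keep routine variation from raising alerts, which is the false-positive concern the article raises next.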

At the same time, however, security cannot come at the cost of accessibility to information that employees need to do their jobs or “false positives” that hamper productivity. Firms need the right balance between great security and trouble-free and seamless accessibility to data, documents, collaboration tools, and knowledge. Mitigating threats shouldn’t mean compromising the ability to get work done. 


Recognize the Threat

A decentralized work environment characterized by remote and hybrid work arrangements will be with us for the foreseeable future, which means that organizations need to take all necessary steps to protect and govern their sensitive data.  

Recognizing that threats can come from unassuming sources like non-malicious insiders is a key step in this direction – and by deploying practices with a balanced mix of people, processes, and technology, organizations can successfully minimize the risk around these non-malicious insider threats, ensuring they don’t have an outsize impact on ongoing operations. 


Manuel Sanchez

Global Product Marketing Manager, iManage

Manuel Sanchez, Global Product Marketing Manager at iManage, has 17+ years’ experience in B2B product marketing of document solutions and services, with information security, risk and compliance expertise.