At a time when WFH (work from home) is emerging as the hippest acronym to use, Forrester’s aptly titled “Pandemic Fallout Creates Perfect Conditions For Insider Threat” article by Joseph Blankenship is very relevant. While organizations embrace remote work and figure out creative and innovative ways to unleash their collaborative cultures, they have to be mindful that the battlefield of insider threat has shifted away from the traditional perimeter and into open grounds. Oh, and these grounds happen to be off-network and off-VPN!
I had three brief takeaways from the article that I wanted to provide some personal context on.
- “The rapid move to remote work may leave some users outside the typical security controls organizations employ, leaving systems and data vulnerable.”
This is a no brainer. So far, organizations have had the luxury of creating security strategies tied to the safe vicinity of corporate workspaces. The rapid shift to work-from-home has allowed very little time for planning, so expect gaps! - Security teams need to “[n]ot rely entirely on user behavior monitoring tools that no longer reflect the actual environment users are working in.”
Traditional approaches to data security haven’t evolved with company culture or the simple reality that users have, in fact, already started a movement of going remote. In this new world, data security simply has to keep pace with the way people work. - “Your users are scared – both of getting sick and losing their jobs. How these concerns are addressed has tremendous impact on the likelihood of users turning malicious.”
Protecting an organization from insider threat during a pandemic is not all about the tech. It’s just as much a human issue that involves fear and uncertainty. Simple measures that companies take during this time to remind employees of their value can in fact emerge as the best non-technology approach to preventing insider threat from ever happening.