12.3.21 – SIW
The pandemic has created the perfect storm in which to cultivate insider risk
When businesses’ data falls into the wrong hands, it can be devastating
The COVID-19 pandemic ushered in unprecedented turnover in the US labor market. Businesses saw a major decrease in employee retention, with recent data speaking to a grim reality:25% to 40% of employees plan to quit their current jobs. Say hello to the Great Resignation, a massive shift in workforce behavior. But it does not stop there. While the media has been covering employee turnover all summer, too few are talking about the resulting “Great Data Exfiltration.” With at least 63% of employees admitting to taking data with them to a new job, businesses must understand that their data can and will run off with employees exiting their workplace.
What exactly is insider risk and why should business care about it? Insider risk is a data security risk that originates from within an organization – the risk of data leaving an organization and falling in the wrong hands. This type of risk is created by employees and jeopardizes the well-being and competitiveness of an organization, its customers, or partners. Simple, yes, but disastrous if it occurs to your business.
The Dangers of Insider Risk
The pandemic has created the perfect storm in which to cultivate insider risk. People have been working from home, leading to lax security habits – in fact, 62% of employees say they don’t follow security protocols as closely as they do when they’re in the office. They’ve also been relying on collaboration tools like Google Drive and Slack, and personal cloud applications and storage, making data more portable and its movement – invisible. And turnover across all industries is increasing, encouraging many people to bring data with them when they start new jobs. All these factors lead to increased Insider Risk, and businesses must be on high alert.
Our team analyzed our Insider Risk Management (IRM) detection software between July and September of 2021 and found that data exposure events just from Q2 and Q3 2021 – the period enclosing the impact of the Great Resignation – account for 69% of all data exposure events from the preceding four quarters. Our analysis also found that in Q3 2021, source code exposure increased 2x when compared with each quarter from Q3 2020 through Q1 2021. This number is likely to remain high as a recent report notes that 40% of employees in the computer and IT industries are planning to quit their jobs by 2022 and most likely thinking about taking source code they worked on with them. The Great Resignation is a likely explanation for this shift — when people start new jobs, they want to take the important work they did in their last role with them so they can hit the ground running.
Mitigating the Risk
As a business, you have the ability to mitigate insider risk in an effective and responsible manner. Begin with the three T’s – transparency, training and technology. Transparency between you and your employees creates a baseline of trust where both parties are informed of policies in place to mitigate Insider Risk.
The next step is using this newfound transparency to professionally train your employees. Teach them company data ownership policies, set expectations in terms of ownership and develop guidelines they can follow when in doubt.
Once you have given them the proper training, continue to educate employees on which technologies they can utilize in order to work efficiently. Collaboration tools like OneDrive and Google Drive, and personal cloud applications and storage, make it easier for employees to access, share, and download data but also increase Insider Risk. Make them aware of this and encourage them to use corporate-sanctioned collaboration tools intelligently and in line with corporate policy. Even after you’ve built up trust by being transparent and training your employees, you still need to use technology to verify they are following the expectations you laid out. By following the three Ts, there is no ambiguity as to how an employee can mitigate Insider Risk.
Internal security should not be where a business falters. When businesses’ data falls into the wrong hands, it can be devastating and cost a company both its competitive advantage and consumer trust. As workers change jobs during the Great Resignation, be mindful of how that trend exposes your company data and IP to Insider Risk. By having the proper systems in place to recognize, contain and respond to potential Insider Risk issues, your business can navigate the uncertainty ahead.
About the author: Mark Wojtasiak is the Vice President of Portfolio Strategy and Product Marketing at Code42. In this role, he leads market research, as well as the competitive intelligence and product marketing teams. He is enthusiastic about making sense of the market and enjoys the challenge of working quick tactical changes in order to ensure Code42’s products reach the right audience. He is the co-author of “Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore.” Mark has more than 20 years of B2B data storage, cloud and data security experience with him, including knowledge from several roles in marketing and product management at Seagate. He can be reached at email@example.com