In 2020 the COVID crisis blanketed the entire world and quick fixes were necessary to enable business to continue. Most government agencies and corporate businesses were immersed in transition to a majority remote workforce. The transition was a new beginning and the end of the traditional way of thinking about the workplace. As is the case in any crisis situation, decisions had to be made, and were made, based on existing circumstances and with little time to plan and prepare for such an abrupt shift, from an in-office workforce to a majority work-from-home work environment. In the midst of it all, security protocols were adjusted to accommodate this dramatic change and allow for continued productivity. With a majority of employees working from home, the insider threat emerged in a new light and with even greater challenges. The paradox of remote employees as an insider threat required an expanded approach to information and systems security, updated security policies, a process for mitigating the insider threat, and deep consideration about employee trust and privacy.
Working from home was initially met with quite a bit of enthusiasm and positive feedback. Business travel fell to a new low worldwide and workers not having to travel to and from the office had more time, presumably enabling a better home-work life balance. But studies have confirmed what security managers already knew: working from home can blur the lines between personal and business. According to the May 2021 HP Wolf Security Study, 76% of office workers who transitioned to work from home during COVID-19 said the lines between their professional and personal lives had blurred. Half of those same workers reported viewing their work devices as personal devices. Open, physical access within the home to electronic devices designated for business purposes, increased incidents of shared passwords, and the use of personal devices to conduct business and vice versa, are just a few obvious examples of where the line between personal and business becomes blurry. Slow internet connection response times likely led to inconsistent use of VPNs, while falling for phishing emails and weak endpoint security offered hackers more access points for malicious activity. Add in the fact that over the last year and a half there was an increase in marital separations, numerous businesses and employees were adversely impacted financially, lay-offs and terminations caused fewer to do more, and interaction was confined to communicating virtually by telephone, video, and software with team chat features. The blurred lines between personal and business were clear and created a dilemma: What information was necessary to adequately identify, verify and evaluate insider threat indicators, and how much information collection is too much?
The term insider threat is most simply defined as a threat to the organization that originates from within, often with the purpose of committing fraud, sabotage, espionage or to otherwise damage the organization’s brand. The insider threat challenge is to accurately identify indicators and instances where careless, compromised or malicious insiders knowingly or unknowingly facilitated or gained access to sensitive business information intended to harm the company. It is a tall order, especially considering increased points of access and compromise were a result of the quick move to a remote workforce.
Potential indicators of an insider threat are rooted in a mixture of highly stressful experiences. Marital problems leading to separation and divorce, financial strain, lack of adherence to personnel and security policies, decreased performance, and increased levels of discontent are just a few examples. Harvard Business Review recently published survey results indicating a majority of remote workers currently feel distracted and disconnected. Being distracted and disconnected can lead to decreased performance, such as missed details and deadlines, and to distressed or disgruntled employees willing to disregard policies put in place to ensure the well-being of the organization. In August 2021, Alicia Hope reported in CPO Magazine that the LockBit Ransomware gang was actively working to recruit or compromise company insiders to facilitate ransomware attacks – paying millions in exchange for the assistance. This combination of circumstances shows that the threat to businesses from the remote insider is at an all-time high.
The combination of circumstances that came into existence so business could function when the world shut down has led to an enormous erosion of information security, system security, and personnel security, and to concerns about how best to manage security and mitigate remote insider threats. The combination of circumstances has also generated discussion about employee trust and privacy. Several of the insider threat indicators play out largely within the personal space, in the home, among friends, and on social networks: the same space that has become a common workplace. Yes, the lines between personal and business are blurry. This being the case, what does it mean for employee privacy and employer trust? There is a mountain of information already available on public platforms where employees blog, post, and chat about the workplace and their personal lives. Almost anyone can see it and surely they know this. But there seems to be a sense that if an employer looks at the content it is an invasion of privacy, and companies are afraid of the backlash. We have certainly seen how a complaint gone viral has consequences. Will the desire to trust include enhanced efforts to verify and monitor as part of mitigating insider threats? Or, while it is sad to even consider, have the circumstances aligned such that we are headed for a zero trust model with deeper pre-employment background queries, and more frequent insider situational reviews? In the near term, it will most likely be a combination of the two. While employees, and people in general, are quickly becoming more aware of and affected by big data breaches, they will also become more aware of and concerned about their personal privacy.
About The Author
Toni Chrabot started Risk Confidence Group in 2015, shortly after retiring from the Federal Bureau of Investigation where she spent 25 years performing investigations, security intelligence, and related areas. She took her expertise into the private space and now serves clients in much the same way: intelligence, understanding their process, consultancy, and investigations. Media Sonar has been fortunate to have worked with Toni on a number of projects in the past.