The 2020 DTEX Insider Threat Report shows that the Work From Home movement has helped reveal a blind spot in visibility to employee behavior. For years, security has focused on external threats while treating insiders as trusted by virtue of being inside the corporate network.
While remote workers have grown in numbers over the past years, the COVID 19 pandemic has forced companies’ hands. Many have discovered that it works well from a productivity standpoint. Google has extended its work from home policy until at least July 2021, Starbucks until October 2021, and many other technology firms are following suit.
Productivity goals may indeed be achievable with a remote workforce. Achieving security goals, however, requires a change in strategy. With workers off the corporate network, some malicious activities may not be as visible.
The report shows a dramatic change in kill chain behavior during the pandemic. The number of companies observing reconnaissance and aggregation activities increased 250% over 2019. The number observing obfuscation behavior, including TOR browsers and bypassing corporate VPN, increased 450% over the previous year.
Organizations need to be aware of suspicious and malicious activities, especially those within the insider threat kill chain. At the same time, workforce cyber intelligence efforts cannot be seen as spying on employees or an unfounded lack of trust. Traditional cyber security and workforce monitoring tools lack the insight into context and anomalous behavior required to detect malicious activity. Just as importantly, they lack the ability to do so while also building a culture of trust and transparency.
To learn more about trends in insider threats and how organizations can protect their sensitive data and the privacy of their workforce, download the 2020 report here