Video conferencing applications like Zoom have become ubiquitous with the remote workforce, but they can also introduce a new vector for insider risk.
The DTEX i3 team has observed an increase in remote control sharing with unauthorized third parties over video conferencing apps. Of significant concern is the potential for employees to outsource part of their job by using ‘screen share and control’ features, giving external users considerable unauthorized access to an organization’s data.
In response, the DTEX i3 team has issued a new Insider Threat Advisory for mitigating third-party Zoom risk and the potential for data loss or theft.
Third-party security meets insider risk management
The latest Insider Threat Advisory (iTA) explores the use case around employees leveraging video conferencing apps to subcontract part of their work to external parties.
The advisory states up front that “it is not a topic that is covered in the media as much as we think it should be” but that the volume of forum discussions is sufficient to warrant further investigation.
The operational scenario in which an employee outsources work to an unauthorized third party has potential for multiple types of security incidents. As an example, a motivated external threat actor could operate in disguise to socially engineer a well-meaning insider to gain access to their endpoint. As soon as the threat actor is given access and control to their employee’s endpoint, they could move around laterally within the environment to steal data or even conduct system sabotage.
Perhaps the threat actor has less sinister motivations; maybe they just want the financial perks offered in exchange for carrying out the insider’s work. Maybe the user just wants to disguise their physical location, and sets up their work endpoint in one location with an application to then remote connect from a non-corporate endpoint.
In any case, there are several ways that data loss could manifest. The good news is that there are several steps organizations can take to protect their data from unauthorized access without stifling collaboration.
Mitigating insider risk with people, processes, and technology
The DTEX i3 2024 Insider Risk Investigations Report highlights that when it comes to insider risk management, a human-first approach triumphs cyber-only. According to the report, most (68%) insider risk events were proactively resolved with follow up security awareness training and corporate policy changes.
Given most (75%) insider risk incidents are non-malicious in nature, this presents a powerful opportunity for organizations to protect their workforce against unauthorized data access and social engineering that, without employee education and awareness, could result in IP theft from a third party. The latest iTA provides specific mitigations for organizations to follow within the Zoom platform which can also be applied to other video conferencing apps. The iTA also provides critical recommendations for user and entity behavior analytics and security awareness training.
For specific mitigations to protect against unauthorized data access in video conferencing applications, read the latest Insider Threat Advisory.