Over the past two years, IT and cybersecurity teams have faced the challenge of protecting data while employees work almost exclusively outside the protection of corporate networks. So, it was especially fitting that this year’s National Insider Threat Awareness Month (NITAM) theme was ‘Critical Thinking for Digital Spaces.’
Despite its many benefits for companies and employees, the Work-From-Anywhere movement has made it more difficult to proactively mitigate insider threats as security teams lack the visibility they were previously accustomed to, and remote employees grapple with understanding and implementing sufficient security protocols and cyber hygiene. Simultaneously, accelerated digitalization has helped hackers become more resourceful than ever before, giving rise to a new threat persona: the Super Malicious Insider.
The Uber breach is the latest to demonstrate the power of social engineering tactics, further emphasizing the importance of the human element in cybersecurity. One key behavioral trait of the Super Malicious Insider is the greater ability to leverage social engineering tactics to manipulate others to perform actions on their behalf. Super Malicious Insider techniques differ from the myriad of social engineering techniques deployed by external actors (phishing, pretexting, baiting, etc.) in that they are much more nuanced because they come from a person with a deep understanding of the organization and its vulnerabilities. The lack of in-person connection in remote working environments has made it even more difficult for employees and security teams to recognize the advanced tactics of Super Malicious Insiders.
The future of data loss prevention and protection is human-centric, not data-centric. The only true way to protect against the continued rise of social engineering is to educate your workforce on how human behavior and the sequence of these behaviors can impact an organization’s risk posture. Workforce Cyber Intelligence & Security can help organizations better understand how their employees engage with peers, data, and applications while performing their job responsibilities. In turn, combining these insights with insider knowledge from IT and security teams can reduce security organizational incidents and risks associated with employee behavior.
By refocusing motivations on ‘learning’ vs. ‘monitoring,’ employers can build trust with employees, helping to strengthen their sense of moral responsibility, enhancing perceptions of justice, and establishing a greater sense of corporate loyalty. To learn more about how the DTEX Workforce Cyber Intelligence and Security platform can help protect you and your organization or to request a demo, please visit https://www.dtexsystems.com/experiencenow/.