The last three years have changed the workplace more than any other period in history. We’re now in a new phase with pandemic restrictions easing across the board and most organizations around the world in full “return to office” mode.
While this is dominating the current headlines, the reality is that hybrid and “work from anywhere” are here to stay. Employees are now working on devices outside the network, so traditional security efforts to monitor and protect against insider risks are losing visibility and are no longer as effective. This creates a struggle for organizations to balance the heightened risk of insider threats with employee privacy. Unfortunately, we’ve seen an increase in the use of invasive employee monitoring technologies that give organizations visibility into insider threats at the expense of privacy.
The good news is that there are new approaches to insider threat detection that give organizations a better way forward.
To gain further insight into this challenge, we collaborated with Enterprise Management Associates (EMA) on new research based on a survey of hundreds of IT practitioners and executives from organizations with 500+ employees across more than 10 vertical industries. We’re pleased to share the results in a newly released report, “The Evolving Dynamics of Insider Risk, Privacy, and Compliance.”
Let’s dive into some of the issues explored through the research.
The impact of work from anywhere on insider threat detection
Based on EMA’s survey, over 80% of organizations expressed some level of concern about the increased insider threat risk associated with work-from-home initiatives. In retrospect, this concern was valid, as 69% admitted that traditional security models began to break down with the shift to a remote workforce.
It’s easy to assume that malicious insiders are the largest cause for concern. But clearly, the acceleration of digital transformation brought on by the COVID-19 pandemic created even more instances where unintentional employee negligence and risky behaviors are introducing risk. In fact, 49% of organizations experienced an incident caused by negligence.
Can privacy and insider risk programs coexist?
In addition to heightened concern over insider threats, the new work-from-anywhere reality means that it’s harder than ever to ensure a workforce is playing by the rules and staying on task. The challenge now is how to do this effectively when a slew of regulations enacted over the past five years raise the stakes for privacy protection.
This has created new expectations among employees about how organizations respect their privacy. In fact, according to our survey last year with Ponemon, 63% of respondents say it is important or very important to protect employees’ privacy in the workforce, but only 34% of organizations are effective or very effective in doing so.
Organizations must walk the fine line between respecting employee privacy and monitoring for insider threats. The desire to monitor everything results in data overload and alert fatigue for organizations, which is why privacy and insider risk programs should coexist and complement each other.
How can organizations find balance between privacy and security? A good approach: analyze and understand user behavior and what it is indicative of. Through behavioral analysis, organizations can predict whether a user’s actions may pose a security risk. Additionally, analyzing anonymized metadata of employees’ actions and using it to make intelligent, risk-score-based decisions further protects employee privacy and provides the context needed to inform business decisions that affect cybersecurity efforts. For example, malicious, negligent, or compromised behaviors can be combined with behaviors of intent and early warning indicators to help assign a risk score to individual behaviors and to cumulative behaviors—all without tracking user data.
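The following Python sketch is an added illustration of the pattern described above (it is not DTEX code and not the model from the EMA report): user identities are replaced by keyed pseudonyms before analysis, each behavior category carries a constructed weight, scores accumulate per pseudonym, and only the holder of the key can resolve a flagged token back to a person. Category names, weights, the threshold, and the sample events are all assumptions.

```python
import hmac
import hashlib
from collections import defaultdict

# Constructed weights per behavior category (assumption, not a vendor model):
# early-warning indicators score low; intent and malicious/compromised
# markers score high, so cumulative behavior drives the score.
BEHAVIOR_WEIGHTS = {
    "early_warning": 1,   # e.g. activity well outside normal hours
    "negligent": 2,       # e.g. sensitive file sent to a personal account
    "intent": 3,          # e.g. repeated attempts to disable a control
    "malicious": 5,       # e.g. bulk download after resignation notice
}

# Constructed key: held by a privacy officer, not by the analysts.
KEY = b"constructed-demo-key-not-for-production"

# Constructed sample events: (user_id, behavior_category).
EVENTS = [
    ("alice", "early_warning"), ("alice", "negligent"),
    ("bob", "early_warning"), ("bob", "negligent"), ("bob", "intent"),
]


def pseudonymize(user_id: str, key: bytes) -> str:
    """Replace an identity with a keyed hash so analysts only see a token."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def score_events(events, key):
    """Accumulate risk scores per pseudonym from (user_id, category) events."""
    scores = defaultdict(int)
    for user_id, category in events:
        scores[pseudonymize(user_id, key)] += BEHAVIOR_WEIGHTS[category]
    return dict(scores)


def flag_risky(scores, threshold=6):
    """Return tokens whose cumulative score reaches the review threshold."""
    return sorted(tok for tok, s in scores.items() if s >= threshold)


def resolve(token, key, candidate_ids):
    """Key holder maps a flagged token back to a person for a formal review."""
    return next((u for u in candidate_ids if pseudonymize(u, key) == token), None)
```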
New approaches to insider risk, privacy, and compliance
Organizations have a wide range of tools at their disposal to protect against, detect, and mitigate insider threats; however, many fail to recognize the human behavioral element of insider risk. The use of these tools can sometimes be controversial, given their potential to infringe upon employees’ privacy. Organizations need to carefully balance employee privacy, industry regulations, legal requirements, and securing the enterprise. This must be done in a way that not only meets regulatory requirements, but also creates a safe and respectful environment for employees and their privacy.
Overall, organizations should continue to protect against insider threats, but it must be done in a manner that respects employee privacy and makes risk-based decisions about whether employee behavior is a threat.
DTEX delivers a new approach to enterprise workforce data collection and analysis by focusing on understanding how, when, why, where and for how long employees and third parties interact with data, machines, applications, and their peers as they perform their job responsibilities to create a safer, smarter, and more secure enterprise. This solution was designed for today’s modern, distributed workforce model and provides complete visibility into user and account activity—keeping all data anonymous to protect privacy, and only shining a light on abnormal or inefficient behaviors that indicate risks and areas for operational improvement.
You can download the research brief from EMA here to learn more.
Are you interested in learning more about workforce cyber intelligence and how you can protect against insider threats? Contact our team today to learn more about workforce cyber intelligence or request a free insider threat assessment here: https://www.dtexsystems.com/critical-infrastructure-insider-threat-assessment/