Organizations must understand the threat that insider risk poses to their business in order to continue fostering agility and speed to improve business outcomes.
For years, the most successful businesses have fostered cultures rooted in agility and speed to gain a competitive advantage. This digital transformation was put to a halt by the pandemic. The benefits of this shift are self-evident: businesses are unleashing their employees’ creativity by allowing them to work in new, faster, and smarter ways, resulting in increased productivity and innovation. However, there is a disadvantage that is far more difficult to detect. Insider risk is unavoidable in this agile, cloud-based collaboration culture.
Data leaks, regardless of motive, jeopardize the reputational, financial, and operational well-being of the company and its employees, customers, and partners. Most businesses are oblivious to the growing insider risk problem, and they are failing to notice how new modes of working are jeopardizing sensitive files and data.
Addressing the insider risk
Decentralized collaboration and remote work are here to stay. Files are continually moving between endpoints, to and from the cloud, and on and off the network in this new remote working world. The majority of this file activity is completely safe. However, a surprising proportion of file activity directly jeopardizes business value – and that risk activity is increasing. According to the Aberdeen Group’s “Understanding Your Insider Risk, and the Value of Your Intellectual Property” the average number of data exposure incidents per person, per day is 13 (e.g., insiders copying enterprise files to untrusted locations through messaging, email, cloud, or portable storage).
Given the tremendous acceleration of digital transformation in the post-pandemic world of work, the insider risk issue will continue to grow. Most IT security leaders predict insider threats to rise over the next two years, according to the Code42 2021 Data Exposure Report, which found that employees are 85 percent more likely than before the pandemic to lose or leak files and data.
Risks emerging from everyday activities
The most difficult aspect of insider risk is identifying the truly risky activity among the background noise of routine file activity. However, there is a difficulty that is closely connected to this one: The majority of risky activity isn’t intentional or malicious; it’s just employees attempting to get their jobs done. More often than not, insider risk is caused by the most innovative and productive staff discovering shortcuts to faster, smarter ways of working — and unwittingly exposing sensitive data.
Risk prevention vs. risk tolerance
For data security, an increasing number of companies are moving away from the legacy “risk prevention” concept and toward the more modern “risk tolerance” model. However, insider risk continues to be a key blind spot in most companies, one that is growing at the speed of cloud-based collaboration. Security teams cannot view all the file activity of all their users – on and off the network, on the endpoint, in the cloud, and remote. And what they can see is obscured by the background noise of everyday activity. They are unable to receive a clear indication of their biggest risks.
Without understanding and visibility of insider risk, it’s more like involuntary risk acceptance than an empowered stance of risk tolerance.
Fostering business agility
Companies must understand the inherent risk created if they want to continue promoting speed and agility to achieve business outcomes – allowing employees to work in better and smarter ways. They should recognize the threat that insider risk poses to their business. And then strive to gain a better understanding of what risk looks like in their company, such as identifying their most valuable and sensitive files and data, calculating the potential cost of losing that IP, and identifying the biggest insider risks to that IP. IT and security teams will be able to take an empowered posture on enabling the business and tolerating risk while protecting data and business value with this solid foundation of understanding.
For more such updates follow us on Google News ITsecuritywire News.