As IT and security professionals, COVID-19 pushed most of us into a “just make it work” mode for much of 2020. We quickly scaled up the use of collaboration platforms like Zoom, Microsoft Teams, Google Meet and Slack, recognizing that circumstances demanded some short-term risk tolerance. It’s clear, though, that more remote, flexible work arrangements are here to stay.
We’ll continue sharing more data, with more people, faster than ever. And we’ll all be better for it. The sharing of information drives quicker decisions, better outcomes and more successful organizations.
But as we move from “just make it work” to embracing this new world of work, we’ve got to also confront a whole new world of risk.
The New World of Risk
With Stanford research showing that nearly half of the U.S. labor force is now working from home full-time, insider threats are a much more difficult problem. The surge in digital collaboration and sharing adds to what was already a common blind spot: The traditional security stack gives limited visibility into all the files and data flowing through these cloud apps — to and from employees, devices, vendors, customers, etc.
Added Pressure, Increased Insider Threats
We all know users take the path of least resistance, and with people working from home — in a more casual environment — it’s even easier to bend the rules a bit. We’re also seeing record-high levels of unemployment and lots of economic uncertainty — pressures that push people to “look out for No. 1” can make “good” employees do “bad” things.
All of this adds up: Employees who might be tempted to steal intellectual property and take it to their next job are more likely to do so when they feel like nobody’s watching. And in Code42’s February 2020 research, nearly one-third of the 5,000 knowledge workers surveyed said they used cloud-based collaboration services to exfiltrate data from their employers.
The Bigger Insider Risk: User Error
With companies and their employees adapting to new ways of working at a breakneck pace, simple user error is the bigger risk. Without comprehensive policies and user training on all these new apps and ways of working, users find shortcuts — in how they use sanctioned apps, and in using unsanctioned apps. Here’s a quick example: Last year, dozens of companies made the same mistake with misconfiguring their Box.com sharing settings. Users intending to make folders shareable instead made them publicly accessible, unwittingly exposing all manner of sensitive, regulated and highly valuable data to anyone who had (or could guess) the right URL.
What’s Being Exposed? Valuable Data
Let’s be honest: You don’t care about file exfiltration unless the content is important. Here’s where organizations tend to get overconfident in their current tools and policies. But the numbers don’t lie: Code42’s latest data shows that in the past 30 days alone, companies have had literally millions of files exposed — more than half of which were high-value data and intellectual property, like business documents and source-code files (the “crown jewels” in many organizations). And it’s happening to the big guys — Google, Twitter, even the CIA, which uncovered an insider breach that exposed about 2.2 billion pages of top-secret CIA computer hacking methods, which went undetected until the data showed up on WikiLeaks a full year later.
New World of Risk Demands a New Approach to Data Security
It’s pretty clear that conventional security tools and strategies aren’t designed for this new world of work. If companies are taking a new approach to where and how people work, then it’s also time to take a new approach to how we secure and enable that work. We need technology that tracks all data movements, but in a way where it doesn’t block people from accessing and sharing the files they need to do their jobs. We also need technology that gives us a better signal of our real risks; and technology that makes it fast and easy to investigate and respond to threats — before the damage is done.
The Code42 Incydr Series:
See how Incydr is built for the new world of risk
The key to all of this is cutting through the noise with context. That’s where Code42 Incydr takes a different approach, bringing together three dimensions of context: Data (the what); vector (when, where and how); and user (who). This allows us to quickly and accurately detect and respond to insider threats, without overwhelming security teams or inhibiting employee productivity.
Over a series of short articles, we’ll dive into how to address five of the biggest insider risks:
Stay tuned for the next installment in the Code42 Incydr Series — and head here to see Incydr in action.