The study was based on data from 2018-2019, a period well before Covid 19 and the enforced move to remote working. It reflects a time when the majority of employees sat within security perimeters, so how will these statistics change now that we’ve turned our networks inside out?
Our focus is on SMBs, who are less likely to have the necessary level of security infrastructure, or the level of investment needed to activate all the policies and procedures required to stop risks caused by the actions of employees, intentionally or otherwise.
Before Covid 19, both the UK and US governments issued a warning about the risks associated with VPNs, which for most SMBs are an essential tool for enabling remote working. The advice was to implement greater visibility and control over network users and data. With our workforce now flung far and wide, that guidance has a new sense of urgency.
For context, a survey by Kaspersky Lab found that over half of all businesses believed their greatest risk was likely to result from the actions of employees, with the research finding that the biggest worry was the sharing of inappropriate data on mobile, portable and BYOD devices. The loss of mobile devices came second, with inappropriate use of IT resource completing their list of top risks. Now, with the move to remote working, these risks have increased significantly, as businesses are forced to balance operational necessity with their security and well-being.
Accidental breaches are commonplace, with employees inadvertently clicking on malicious links or accessing rogue data in error. Generally, these users will adhere to policies and follow guidance, but carelessness leads to breaches. With remote working placing users outside an office environment, without the full array of support tools and working structures, this is only likely to become a growing risk.
Simple negligence is still the most common form of insider threat. While most employees aim to follow guidelines and policies, a small number don’t, with devastating results. Offenders may not intend to put a business at risk, but they don’t buy into the need for policies and practices, or they find them constraining and obstructive. Whatever the reason, the results are the same.
There are many reasons for users to act maliciously, including dissatisfaction, frustration and criminal intent. Again, remote working increases risk in this area, with the danger of ‘insiders’ turning into ‘outsiders’.
According to Gary Hudson, publisher of Human Error, a website set up solely to address employee-initiated risk, there has never been a more critical time to take action to stop human error. “If the problem wasn’t bad enough when our networks were within our security layers, we’ve now turned everything inside out. Our users are no longer behind well maintained defences but are spread all over the place. The margin for and risk from human error has grown exponentially.”
Hudson believes the IT sector must wake up to the biggest cause of security breaches. “If ever there was a need to rethink your security strategy, now’s the time. Remote working has opened our networks up. We’re seeing a proliferation of new devices, many BYOD, to enable remote working. We’re less in control of our users and those users are in their own worlds with their own set of rules. There’s too much at stake to let that continue”.
This article was sponsored by CyGlass, an advanced threat detection product that offers visibility and control over network traffic.
Its features, which include dark threat detection, critical asset protection and compliance for small financial institutions, specifically target insider threats by detecting malicious activity and human error. CyGlass is affordable, can be implemented in minutes and is currently available for 90 days at no cost.