BradEgeland.com #PMP #PPM #project #Agile #cybersecurity #planning #ai #SAFe #coronavirus #virtual #mindmap #remote #COVID19 #scaledagile #fintech #webdesign
  • Welcome
  • Contact
  • Mentoring Contact Form
  • Expertise
  • Blog
  • Find Local PM Jobs
  • Books / White Papers
  • Software / Service Reviews
  • This Week in PM
  • PM Video Series
  • Awards/Recognition
  • Templates & Downloads
  • Clients
  • Professional Services
  • Past Survey Results

The Downside of the Remote Work: 85% Increase in Insider Risk

2/20/2021

0 Comments

 
Picture
Roughly a year into this "new normal," the vast majority of companies are labeling the remote work shift a resounding success — improving productivity and accelerating their digital transformations. But that success comes at a cost: Employees are a whopping 85% more likely to leak sensitive files and data now than they were before the COVID crisis hit, according to the recently released Code42 2021 Data Exposure Report (DER). The report found that 3 in 4 organizations experienced at least one data breach involving the loss of sensitive files in 2020. And while we all read the scary headlines on surging cyberattacks in the wake of the remote work shift, IT security leaders say employees (intentional or otherwise) were the biggest cause of data breaches — ahead of external actors

The biggest change in the IT security world wasn't about where employees were working — it was all about what they’re doing. Workers are connecting remotely (only using the VPN 10% of the time, according to Code42 research), using cloud collaboration and web-based productivity apps to zing files and data back and forth. They're downloading, uploading, emailing, messaging, syncing, sharing, DropBoxing, Google Driving, AirDropping and more — all day, every day. The world will return to normal (someday…), but businesses will hold onto the advantages of a flexible, cloud-collaboration-powered workforce. And that means the Insider Risk problem won't just disappear. The Code42 2021 DER found that 6 in 10 IT security leaders believe Insider Risk will increase, or increase significantly, in the coming years.

A new world of risk — a new paradigm of risk tolerance

The thing is, most CISOs recognize that this shift in the way we work has been percolating for several years now. Organizations are increasingly building competitive advantage through cultures rooted in speed, agility, collaboration and rapid innovation. And this requires a new understanding of risk tolerance — new calculations in balancing the need to empower speed and agility with the need to secure and protect all that fast, agile innovation. The pandemic was just the force accelerator that pushed this paradigm shift past the inflection point. All organizations are now tolerating some level of Insider Risk in order to enable the agility, speed and innovation required to survive and thrive in today’s business climate. Even the U.S. State Department — one of the most conservative, high-security organizations in the country — acknowledged, "We have a risk tolerance now." This has led Gartner to create entirely new category of data security solutions to address this new reality: Insider Risk Management*.

Conventional security infrastructure can't handle the nuance of risk tolerance

For CISOs and IT security leaders, 2020 was a triumph in rapidly adjusting to support remote work and maintain business continuity. But 2020 also laid bare the failure of existing security infrastructure, up and down the stack, to keep up with today's digital workplace. Conventional, policy-based blocking tools like DLP and CASB aren't designed to handle the nuanced game of risk tolerance and Insider Risk Management. Old, black-and-white notions around insider threat prevention are leaving security teams in a lose-lose situation: The 2021 Code42 found most IT security leaders say they’re fielding daily or weekly complaints that employees' legitimate activity is being blocked. At the same time, conventional security tools are leaving blind spots to new ways of moving files and data, and most IT security leaders say they’re not able to see those blind spots.

2021 isn't just for cleaning up — it’s a chance to plan for what’s next

As they clean up the data security risks of the reactive strategies put in place in 2020, security teams should be careful not to take a similarly ad hoc approach to plugging the gaps. We all need to work toward forward-thinking security postures that can keep up with the fast-moving, collaboration-driven culture C-suites are fostering. Security teams need technologies and processes to better identify risky behaviors without inhibiting collaborative culture and employee productivity. We need technologies that flag Insider Risk indicators, such as working off-hours, changing file extensions, having access to the files of a highly confidential project or resigning from the organization.
​
The key is context. The new paradigm of Insider Risk Management is all about nuance, and security teams need to see the context — around the data, the vector and the user — in order to walk the line between managing Insider Risk and enabling the speed and agility that are critical for their business.

0 Comments



Leave a Reply.

    Author:

    Picture

    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, consultant and author.  He has written more than 7,000 expert online articles, eBooks, white papers and video articles for clients worldwide.  If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/menoring? Contact him.

    RSS Feed

    Picture
    Picture
    Picture
    Picture

    Archives

    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    May 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    July 2011
    June 2011
    May 2011
    March 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    June 2010
    May 2010
    April 2010
    March 2010
    November 2009

    RSS Feed

Powered by Create your own unique website with customizable templates.