The fact that workers worldwide are destined to continue working remotely, some potentially deep into 2021, will have an effect on internal data theft, experts caution.
The COVID-19 pandemic & a global shift to a distributed workforce has affected data theft during 2020. Those patterns are likely to not only continue, but increase in 2021, says industry analyst firm Forrester.
Forrester, referring to the continuing persistence of remote working, predicts that internal incidents will be responsible for 33% of breaches in 2021.
Data Breaches
Analysts there predict insider data breaches will increase 8% in 2021 & that a 3rd (33%) of all incidents will be caused internally. That number is up from its estimated figure of 25% of all incidents during 2020.
The report predicts that employee fears around job loss, paired with the ease that data can be moved – to the cloud, e-mail, network attached storage, or USB – could relate to an increase in insider incidents.
The report classifies accidental incidents along with those carried out by malicious intent as ‘internal incidents.’
Adapt & Learn
Assuming enterprises adapt & learn to better combat insider threats, they will be able to identify & defend against both types of attacks, the report suggests.
“As firms add capabilities for detecting insider threats, they will also be able to identify & attribute more incidents to insider activity than they were previously,” the report reads.
“Give specific focus to insider threat defence, emphasise employee experience to avoid turning employees into malicious insiders, & remember that trust is not a control.”
Insider Threat Defence
To stop incidents, CISOs need to prioritise insider threat defence while being careful not to reduce employee privacy.
“Leading CISOs will put a greater focus on insider threat defence while emphasising improved employee experience & not treating users like machines in order to avoid turning employees into malicious insiders,” the report reads.
“Considerations for employees’ privacy, company culture, & local standards for lawful, fair, & acceptable labour practices are key to the success of your insider threat program.”
Predictions
The increase in insider incidents was 1 of several predictions published this week in Forrester’s Predictions 2021: Cyber-security report.
The report comes alongside a greater awareness around insider threats, & after high profile insider incidents at companies like Tesla, Twitter, Shopify & Amazon.
The report is also predicting that failing to address a ‘toxic employee culture’ will come back to bite a Global 200 firm next year, forcing a CISO to take the blame, that funding for non-US-HQ cyber-security companies will go up by 20%, & that risk quantification solutions will see increased popularity.