BLOG

Three Areas of Focus for Your Insider Threat Program During the COVID-19 Crisis

by | May 18, 2020 | Blog, Trust and Safety

Security teams are settling in to the “new normal” of remote work as the COVID-19 crisis nears its third month here in the U.S. As many teams have discovered, among the myriad of logistical issues of a remote workforce is the increased risk insiders can cause cybersecurity incidents, even if mostly unintentionally. For many companies, the combination of required changes to network access policies and the human element of uncertainty around layoffs, furloughs, and salary reductions has created a need to quickly re-think the priority placed on insiders.

Despite this reality, however, Michael Rohrs of Control Risks Group urges companies to make more with their existing people and technology, rather than trying to “boil the ocean” at a time when most security teams are already overworked dealing with the crisis.

Here are three priorities to focus on to manage insider risk during the crisis:

Focus on High-Risk Scenarios:

Whether you have a mature insider threat program or no program at all, it is important to focus efforts at a time of confusion on what matters most. Understand and define which users have access to your critical assets. For some companies, this might be an engineering team working on cutting edge intellectual property. For others, it might be the accounts payable team that is trying to pay vendors with a new remote-work vetting process in place. Once you know what matters most to you, you can accept that other risks are simply second priority to ensure the existential ones don’t get ignored.

Don’t Forget the Human Element:

Especially in a time of crisis, it is important to remember insider risk is derived from humans acting on emotions and the stresses they face. The junior employee who never got all the way through security onboarding training and is now juggling new workflows, a new work environment, and family responsibilities all at the exact same time is probably not out to harm the company, but are they remembering to follow proper security protocols?

Rohrs suggests establishing, or reinforcing, an anonymous reporting channel for employees to report concerning behavior or security lapses. The junior employee’s colleagues may be better positioned than your tech stack to alert your security team to a major mis-step like saving sensitive company files to a personal laptop to expedite workflow, so take advantage of this resource.

Rely on History:

Although the work environment has changed, ultimately what matters most to your company and the behaviors that lead to insider-derived loss are likely similar. While evaluating the most important risks to focus on, draw on the lessons of previous insider issues.

Has your company always had a problem with intellectual property walking out the door when employees depart? If so, focusing on monitoring employees that have been notified of pending furloughs or layoffs may be a top priority that leads to quick loss prevention success.

In sum, everyone is already working harder, so companies are unlikely to be able to simply dedicate more time and internal resources to the increased insider threat problem. Working smartly to make the most of what you’ve got, and closing visibility gaps over time with outside help if needed, should enable resilience throughout the crisis.

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks