From remote work to switching jobs: The rise of insider threats

Increased insider threats undermine productivity on a global scale


It’s nothing new that cybercriminals are targeting people, rather than infrastructure to gain access to organisational data and networks. Whether behaving accidentally or maliciously, employees can be the difference between a near-miss incident and a painful data breach.

We have seen a rise in insider threats to organisations globally. Proofpoint’s 2023 State of the Phish Report revealed that almost three quarters (71%) of organisations across EMEA experienced data loss due to an insider’s action in the past year.

With threats from within on the rise, we must consider what factors may be driving this trend and what organisations can do to keep secure.

Working practices driving careless behaviour

Working practices have changed considerably in the past few years, with remote and hybrid working undoubtedly playing a part.

The collaboration tools we all use to keep us connected in the work-from-anywhere world make it easier than ever to share, and expose, sensitive information. Meanwhile, employees, many not used to working outside of the traditional surroundings of the office, are more prone to making the types of mistakes seized upon by threat actors. With employees i.e. your people now forming the defensive perimeter wherever they work, 51% of surveyed CISOs said that they have seen an increase in targeted attacks in the last 12 months.

All of which combines to contribute to the spiralling cost of insider threats caused by the careless employee, up from 63% to $484,931 on average per incident over the last two years.

The leaver challenge

Pandemic-related job mobility, coupled with post-pandemic economic uncertainty, has resulted in large numbers of workers changing or leaving jobs to the tune of one in four employees globally in the past two years, among these nearly half (44%) admitted to taking data with them to their new roles.

Despite the best efforts of security teams, when an employee leaves, it is not uncommon for their data to leave with them. This may be unintentional, such as saved credentials on a personal device, but in many cases, it is deliberate and malicious. For example, former employees may wish to hang on to data that could help them in their new job or feel entitled to ownership over the information and projects they worked on during their employment.

But that’s not all. A disgruntled employee counting down the days of their notice period may seek revenge against your organisation by exposing sensitive data. Leavers are also a valuable target for cybercriminals and could be more inclined to sell data and credentials once their leaving date is on the horizon and their loyalty to their current employer wains. These criminal and malicious insider threats account for over a quarter of insider attacks, costing an average of $648,062 per incident.

Protecting the people perimeter

Whether it is physical differences such as remote working or new perspectives like the many reasons behind a volatile job market, the working world has changed irreversibly whether you agree that is for the better or not.

In this new world, the traditional mindset of outside-in defence is no longer fit for purpose. Today, your perimeter is wherever your people, your employees, are – and you must equip them with the tools and expertise to defend it.

It’s also vital that every member of your team understands all policies and regulatory requirements related to their work, wherever and whenever they carry it out. Most importantly, they must understand the potential consequences of failing to comply with these stipulations – even after they have left your employment. And so, by gaining visibility into the rise of insider threats you can best protect your people and defend your data.

To learn more, visit us here.


Copyright © 2023 IDG Communications, Inc.