2020 Insider Threat Report: ‘Remote and @Risk: Trusted Insider or Malicious Threat

2020 Insider Threat Report: For decades, the global workforce has been slowly shifting to a dispersed or “work from home” (WFH) model. In fact, WFH grew 173% from 2005 to 2018*, with companies such as Coinbase, Twitter, Upwork, Facebook and Shopify leading the way. The global political, environmental and infectious events that have defined the first nine months of 2020 accelerated this trend – creating operational and security challenges for every organization and causing disturbing changes in employee behaviors. DTEX’s analysis shows that the shift to a near 100% WFH workforce by the Global 5000 has significantly influenced and changed the behaviors of thought-to-be trusted insiders. Our customer stated that these changing employee behaviors are likely caused by several factors including an increase in employee separations and the need for security teams to augment security policies to improve the productivity of at-home workers. The research brief analyzes and plots these behaviors against the Insider Threat Kill Chain and offers specific indicators organizations can and should look for to identify elevated insider risks.

Key Facts from the 2020 Insider Threat Report

56% HIDE & SEEK

Companies with remote workers intentionally circumventing security controls to mask online activity

450% increase from previous years Over 70% of escalated incidents also included at least one attempt to circumvent another security control in order to exfiltrate data without detection

72% GIVE AND TAKE

Companies with data theft by a leaving or joining employee

230% increase over previous years Over 40% of incidents detected included a combination of flight risk and abnormal reconnaissance and/or data aggregation behaviours

These findings make it clear that the equilibrium between security posture and workforce productivity has been disrupted for almost all companies, regardless of size, industry, or geography. The question now facing the Global 5000 and every company is:

Is the trusted insider changing their behaviours to put the company at risk and what must we do differently to drive high employee performance and positive sentiment, prioritise privacy and better protect regulated data and intellectual property?