Insider Threat: How to Address the ‘Human Dilemma’ in WFH Era


The recent Twitter hack showed that insider threats should not be taken lightly. Proofpoint’s 2019 reportOpens a new window indicates more than 99% of attacks required a human element to succeed. In the wake of the crisis, social engineering has become more pervasive, and hackers are targeting people as the point of entry for attacks.  Gilad David Maayan, CEO of Agile SEO reviews the most pressing remote work security threats and offers five possible solutions. 

In recent years, organizations have seen an alarming increase in breaches caused by insider threats. In days when more and more employees work remotely, the issue of insider threatsOpens a new window becomes critical. Whether an insider threat is an uninformed employee, a malicious staff member, or a criminal who gained unauthorized access, they form a substantial risk. The moment credentials are compromised, attackers can launch a wide range of attacks.

Learn More: The Benefits of Pairing Unified Endpoint Management and Device Management ProgramsOpens a new window

What Is an Insider Threat?

Insider threatsOpens a new window are security risks that stem from within an organization. These threats can involve current or former employees, third-party vendors, or criminals using compromised credentials. These insiders can use or abuse their privileged access to view, modify, or steal sensitive data or interfere with an organization’s systems. 

Insider threats have the potential for serious harm because traditional security measures are focused on external threats. Often these measures are unable to detect internal threats since authentication and authorization mechanisms are completed successfully. 

Insider threats are typically classified according to intent. There is a wide range of insider threat intents, but you should be aware of the following key threat types:

  • Malicious insider—a person who intentionally and maliciously abuses their credentials for personal or professional gain. For example, these may be employees with grudges or opportunistic contractors. 
  • Careless insider—a person who unwittingly exposes a system to threats, leaks sensitive data, or shares credentials. Often, these insiders are victims of scams or malware.
  • Moles—criminals who have gained access through vulnerable or compromised credentials. These individuals pose as legitimate users to abuse resources or steal information.

Learn More: Tips for SMBs to Reduce Cyber Risk in 2020 and BeyondOpens a new window

Work From Home Opens New Remote Insider Threats

When employees transition to working from home, your volume of insider threats may increase. This is particularly true when employees are working in less than ideal environments, for example during the COVID-19 crisis. 

Distractions such as family members or roommates and insecure connections can lead to costly mistakes. For example, accidentally sending sensitive information to the wrong email address or unintentionally allowing others to view sensitive information. 

If work from home procedures are implemented without or with insufficient planning, the risk of insider threats can significantly increase. This may be because employees are unaware of how to protect systems, because they don’t have appropriate security measures in place, or because lack of immediate supervision leads to lax security.

Learn More: Helping Employees Understand Cybersecurity: Clear Expectations are the KeyOpens a new window

Top Remote Work Security Threats

If you’ve recently transitioned to work from home procedures or you want to audit your current policies you should keep the following threats in mind. Make sure your policies account for these threats and you have measures in place to prevent exploitation. 

Command and Control via Phishing

Phishing attacks are a well known tactic for obtaining sensitive information, including credentials or system details. These attacks are often performed over email and may involve attackers pretending to be an authority figure. Another common tactic is to use links that redirect to false login portals or download malware. 

In some of the most dangerous attacks, criminals attempt to gain control over user devices through these attacks. If such attempts are successful, attackers can begin reconnaissance of system permissions and attempt privilege escalationOpens a new window to find and steal sensitive data.

Learn More: How to Securely Scale Insider Threat Management Without Putting Data at Risk: CTO View Opens a new window

Lack of Multi-factor Authentication

MFA requires users to provide credentials in addition to another proof of identity before authentication is completed. For example, providing a one time use token or scanning a fingerprint.

MFA can help prevent damage caused if users fall victim to phishing schemes, redirection attacks, or attacks intercepting session information. It can also reduce the risk created if users save credential information to devices that are used by others.

VPN Brute-force

Virtual private networksOpens a new window (VPNs) can help ensure that communications between remote workers and your systems are secure. However, these systems are not invulnerable and can be subject to brute force attacks. 

In such attacks, criminals target your VPN portal and attempt to gain entry using common credentials or lists of gathered credentials. These attacks are particularly dangerous if you have implemented single sign-on (SSO) since access to your VPN also means access to your applications and other system components.

Learn More: 8 Cyber Hygiene Tips to Secure Your BusinessOpens a new window

Employees Under Stress or Strain

One of the dangers of remote work is the lack of visibility that supervisors may have over employees. Without this visibility, it is difficult or impossible for you to assess the mental state of your employees or the condition of their work environment. 

These conditions may mean that employees are too distracted or stressed to work securely. It may also cause employees to be dissatisfied with their current positions and therefore more likely to act maliciously. Lack of engagement or interaction from employees is a red flag you should watch for and address quickly. 

Decentralization of Data

Remote work, whether it occurs from home or an office involves the use of distributed infrastructure and decentralized data. This is great when it comes to availability and collaboration but creates complexity that can be difficult to secure. 

To prevent this complexity from creating vulnerabilities you need to consider how security measures are distributed across your systems. This includes ensuring that employees are using secure applications, that identities are not shared, and that access is monitored. 

One of the biggest challenges of this when it comes to remote work is ensuring that employees are only accessing data through approved applications and systems. If employees are using third-party tools or storage services it may make it easier to leak data, intentionally or not.

Learn More: Know Your Enemy: 3 Types of Data BreachesOpens a new window  

Vulnerable Devices

Most remote work programs involve bringing your own device (BYOD) policies. These policies enable employees to use their own workstations, laptops, or mobile devices to access company systems and data. This can create vulnerabilities in systems since such devices are difficult or impossible for IT security teams to manage. 

Employee devices may not be up-to-date or implement appropriate security controls or solutions. Additionally, you have no control over what applications or services employees install or use for personal purposes. 

Another concern to consider is what control you have over data once it is accessed through an employee device. If employees are allowed to save data locally, it creates opportunities for theft or leakage that you cannot control. 

Wrapping Up 

Insider threats can lead to devastating breaches, but there are ways to reduce risks even during a peak in remote work. Perhaps the most effective way to reduce insider threats is through training and education. The more security-savvy employees, the better they will be at recognizing attacks, and avoiding them. Another great security measure is MFA, which can help prevent unauthorized access even if some credentials have been compromised.

Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!