Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Today’s workforce is data-dependent and widely distributed. The use of cloud collaboration technology is sprawling. Data is highly portable, users are often remote and off the network, and file-sharing technology is widespread. It’s no wonder, then, that insider risk is of greater concern than ever.
“Insider risk is one of the fastest growing threats that businesses have to address today,” said Michelle Killian, senior director of information security at Code42, a software-as-a-service (SaaS) vendor specializing in insider-risk management.
Insider threats are often not malicious — in fact, a significant portion of the time, they’re inadvertent and simply the result of human nature — but even so, as Killian pointed out, “insiders can expose, leak or steal data at any moment.”
What is insider risk?
Simply put, an insider is anyone who has access to an organization’s data or systems: employees, contractors, partners, vendors.
Insider risk occurs when sensitive corporate data — IP, digital assets, client lists, trade secrets, and other company “crown jewels” — is moved to untrusted places, such as personal devices, email or cloud destinations.
“Such data movement presents considerable competitive, financial, privacy and compliance risk,” said Killian.
According to Joseph Blankenship, vice president, research director for security and risk at Forrester, insider risks are typically composed of:
“Accidental” actors: Insiders who cause harm due to carelessness, mistakes, or by non-maliciously circumventing security policies. A 2021 Forrester survey indicated that 33% of data breaches attributed to insiders were accidental or inadvertent, according to B …