Insider Threats Poised to Increase in 2021
Forrester, citing the persistence of remote work, predicts that internal incidents will be responsible for 33% of breaches in 2021.
The fact that workers worldwide are slated to continue working, some potentially deep into 2021, will have an effect on internal data theft, experts warn.
We've already seen how the COVID-19 pandemic and a global shift to a distributed workforce has affected data theft this year. Those patterns are poised to not only continue but spike in 2021, according to industry analyst firm Forrester.
Analysts there predict insider data breaches will increase 8% in 2021 and that a third (33%) of all incidents will be caused internally. That number is up from its estimated figure of 25% of all incidents this year.
The report predicts that employee fears around job loss, paired with the ease that data can be moved - think to the cloud, e-mail, network attached storage, or USB – could translate to an increase in insider incidents.
The report classifies accidental incidents along with those carried out by malicious intent as internal incidents.
Assuming enterprises adapt and learn to better combat insider threats, they'll be able to identify and defend against both styles of attacks, the report suggests.
"As firms add capabilities for detecting insider threats, they will also be able to identify and attribute more incidents to insider activity than they were previously," the report reads. "Give specific focus to insider threat defense, emphasize employee experience to avoid turning employees into malicious insiders, and remember that trust is not a control."
To prevent incidents, CISOs need to prioritize insider threat defense while being careful not to diminish employee privacy.
“Leading CISOs will put a greater focus on insider threat defense while emphasizing improved employee experience — not treating users like machines — to avoid turning employees into malicious insiders,” the report reads. “Considerations for employees’ privacy, company culture, and local standards for lawful, fair, and acceptable labor practices are key to the success of your insider threat program.”
The uptick in insider incidents was one of several predictions published this week in Forrester’s Predictions 2021: Cybersecurity report. The report comes amid a heightened awareness around insider threats and in the wake of high profile insider incidents at companies like Tesla, Twitter, Shopify and Amazon.
The report is also predicting that failing to address a toxic employee culture will come back to bite a Global 200 firm next year, forcing a CISO to take the blame, that funding for non-US-headquartered cybersecurity companies will go up by 20%, and that risk quantification solutions will see increased popularity.