2020 Work-for-Home Shift: What We Learned

One area that organizations need to deal with is the rise of the insider threat, with so many unhappy employees who have been furloughed, or let go, from their jobs…

Steve Durbin, Managing Director of the ISF

Goodbye, 2020 — and good riddance, right? Most of us don’t want to take too much from this year into the next — but let’s make an exception for what we learned about security in the wake of the COVID-19 pandemic. In 2021 after all, more enterprises will permanently downsize their physical spaces and give employees the flexibility to continue working from home.

In an effort to have a safer 2021, Threatpost takes a look at the top five biggest takeaways of the remote-work shift for security teams going forward.

A Mobile-Focused Security Policy is a Must

As workers went home, mobile devices became more ascendant, with many of the new go-to collaboration and cloud services offering mobile apps designed to boost productivity and allow multitasking. This resulted in rafts of personal devices suddenly being used to access corporate resources — and true to form, cybercriminals followed the trend lines.

For instance, 2020 saw mobile messaging becoming a growing vector for phishing attacks (often called smishing). In fact, in September, the FTC issued a warning about phishing campaigns involving text messages with false delivery notices that included a link to validate the delivery.

“Across any chat medium on mobile, phishing attacks seek to trick users into clicking links to expose personal and work credentials, and even download mobile surveillanceware,” Chris Hazelton, director of security solutions at Lookout, told Threatpost.

But threat actors are building more advanced phishing campaigns beyond just credential harvesting, according to Hank Schless, senior manager for security solutions at Lookout.

The Rise of New Insider Threats

Remote employees have been thrust into new working environments, with no face-to-face supervision and little to no training for handling new security risks. And, they are also facing more distractions from their home settings, as well as new emotional stresses tied to COVID-19 and less job satisfaction. All of these factors created a ticking time bomb for insider-threat risks in 2020, researchers said.

According to a report from Tessian, insider-caused security incidents already increased by 47 percent since 2018. Worse, security experts warn that organizations aren’t ready for this influx of remote work-induced challenges.

“The [work from home] trend due to the COVID-19 pandemic has significantly increased insider threats from employees taking risks with company assets, such as stealing sensitive data for personal use or gain as employers have less visibility to what employees are doing or accessing,” Joseph Carson, chief security scientist and advisory chief information security officer at Thycotic, told Threatpost.

Insider threats can stem from either “negligent insiders,” or malicious insiders, who intentionally steal data or company secrets. The “negligent insiders” are the bigger threat, according to Proofpoint. They account for 62 percent of insider-threat incidents.

A survey from IBM Security in June found that more than half surveyed had yet to be given any new security policies on how to securely work from home. Also, more than half surveyed had not been provided with new guidelines on how to handle personal identifiable information (PII) while working from home, despite more than 42 percent newly being required to do so as consumers lean on customer service representatives for a variety of services.

“One area that organizations need to deal with is the rise of the insider threat, with so many unhappy employees who have been furloughed, or let go, from their jobs,” Steve Durbin, managing director of the Information Security Forum, told Threatpost.Going forward, awareness of insider threats must take on more importance, researchers noted — especially as the pandemic grinds on and layoffs/workplace dissatisfaction rises.

“The insider threat is one of the greatest drivers of security risks that organizations face as a malicious insider utilizes credentials to gain access to a given organization’s critical assets. Many organizations are challenged to detect internal nefarious acts, often due to limited access controls and the ability to detect unusual activity once someone is already inside their network. The threat from malicious insider activity is an increasing concern, especially for financial institutions, and will continue to be so in 2021.”

Overall, the trust that organizations must place on their workers has grown with rapid digital transformation, increasing information risk and changing work environments — and there’s no sign of this changing. Taking the lessons of 2020 will be critical for a safer and happier 2021.