
Insider risk: More prevalent than ever, according to Microsoft

October 6, 2022


When you think of insider risk, what comes to mind — fraud, IP theft, maybe even corporate espionage?

While those are all undoubtedly significant causes for concern, the reality is that the riskiest insiders in your organization don’t even know they’re doing anything wrong. 

This calls for a “holistic” approach to insider risk management that doesn’t put off employees — but, rather, educates and trains them, fosters their collaboration and gains their buy-in.

This, at least, is the key message of a new Microsoft Insider Risk Report. 

“There is no bright line between internal and external risk,” said Microsoft CISO Bret Arsenault. “As outside threats multiply, so do the risks that someone in your organization will fall prey to them.” 

Risks inadvertent and malicious

Insider risk can be both inadvertent and malicious, as described in the report. It is defined as the potential for a person to use authorized access to an organization’s assets in a way that negatively affects the organization. This access can be physical or virtual, and assets can include information, processes, systems and facilities. 

Inadvertent cases can include employees taking unsafe actions, being untrained or distracted, misusing resources or causing other accidental data leakage. 

On the other hand, malicious insiders are intentionally seeking to cause harm in the way of fraud, IP theft, unauthorized disclosure, sabotage or corporate espionage. 

The survey’s most significant findings: 

  • Data breaches arising from insider actions cost businesses an average of $7.5 million annually; that’s in addition to the reputational damage, IP loss, and legal expenses that 4 out of 5 security experts say insiders cost their organizations.
  • Almost 40% of respondents said the average cost of a single data breach from an insider event was more than $500,000. 
  • The highest-rated impacts of insider risk events on organizations included theft or loss of customer data (84%) and damage to brand or reputation (82%). 
  • The average number of inadvertent events was roughly 12 per year.
  • Malicious events totaled around eight a year. 
  • One-third of respondents reported that insider risk event occurrence increased in the past year, with a majority (40%) expecting events to increase going forward.
  • Two-thirds highly agreed that, “Data theft or data destruction from departing employees is a form of insider risk that is becoming more commonplace.”
  • Based on the level of insider risk per department, IT (ironically, most often tasked with detecting and remediating insider risk), was most identified (60%), followed by finance/accounting (48%), operations (44%) and senior leadership (40%). 

Hybrid work a top culprit

Per the report, the number of businesses that are seeing increases in insider risk is far higher than those reporting declines. 

A few trends contribute to this, said Arsenault. First: The rise in hybrid work. Microsoft’s 2022 Work Trend Index found that hybrid work now accounts for 38% of the workforce. 

“That shift has fundamentally changed how we connect with each other,” said Arsenault. “It’s also created massive data estates spread across functions and platforms.” 

All of which brings inherent risk, he said. “The same tools we use to communicate and collaborate can open doors to data theft, sensitive data leaks, harassment, and other forms of inadvertent and malicious insider risks.”

Companies across the country are at a crossroads as flexible work evolves into a standard practice for many employers, said Arsenault. “And with these digital transformations come new challenges for security and compliance teams as employees increasingly rely on collaboration tools and platforms from locations around the world,” he said. 

Fragmented programs weak against sophisticated attacks

A second contributor is the increase in the size and sophistication of cyberthreats. Microsoft’s recent Digital Defense Report showed that cybercriminals overwhelmingly rely on successfully manipulating insider behavior to steal data, said Arsenault.

The third is the response many organizations have to this expanded threat landscape.

“A fragmented risk management program — one that over-indexes on negative deterrents, deprioritizes organizational buy-in, and treats the employee as a potential threat instead of a trusted partner — can drive the risks it’s supposed to mitigate,” said Arsenault. 

Microsoft undertook this report because it wanted to understand the costs of insider risk and how it can impact organizations, he said.

“But we also wanted to understand how to address it; what an effective response looks like,” said Arsenault. “And we found that the best risk management programs weren’t the most invasive, or focused on constraining employee behavior. They were focused on building trust, on balancing security and privacy, and on educating and empowering their workforce.”

Positive and negative deterrents

Still, many organizations cited challenges and negative consequences with insider risk programs. 

Many pointed to concerns over employee privacy rights (52%), loss of employee trust (51%), and general degradation of the working environment — investigations unfairly impacting employee careers and reputations, workplaces becoming more confrontational, negative impacts on employee retention and reduction in productivity. 

The report ultimately found that positive deterrents are proactive measures such as employee-morale events, more thorough onboarding, ongoing data security training and education, upward feedback and work-life balance programs. 

Negative deterrents check on and constrain employee behavior. This can include broad tools and solutions that block users from engaging with, accessing or sharing content — all of which can result in a more reactive environment.

Successful programs

The study developed the holistic insider risk management index (HIRMI), which identified three types of organizational risk management: “fragmented,” “evolving” and “holistic.” 

Fragmented organizations (one-third, as self-identified in the survey) recognize the need for insider risk programs but are often misaligned on success measures. They see value in positive deterrents that reduce risk but have low current usage. They also think they understand what’s required to lower insider risk, but do not commit resources or gain company-wide buy-in, according to the survey.

By contrast, in holistic programs, privacy controls are used in the early stages of investigations. Holistic organizations get more buy-in from other departments such as legal, HR or compliance teams, per the survey. Leaders at holistic organizations also agreed that training and education are vital to proactively addressing and reducing insider risks. 

Other key characteristics of holistic insider risk management include more frequent use of positive deterrents and integrated tool usage. 

The tools deemed most useful in preventing insider risk were:

  • Extended detection and response (XDR)
  • Network detection and response (NDR)
  • Privileged access management
  • User activity monitoring
  • Incident threat management
  • Endpoint detection and response (EDR)
  • Security information and event management
  • User and entity behavioral analysis

Holistic versus fragmented

The study found that 29% of organizations treated insider risk in a “holistic” way. And, more than 90% of those categorized as holistic said a key element to success is striking a balance between employee privacy and company security. 

The ultimate key to establishing a holistic insider risk management program is building trust, said Arsenault. This means collaborating across functions, increasing employee training and awareness, and having strong privacy controls to ensure that employees feel respected and invested. 

“It’s critical for organizations to address insider risk. But it’s just as important that they do so in the right way,” said Arsenault. 

He added that, “the best risk management programs aren’t focused on constraining employee behavior. They’re focused on building trust, balancing security and privacy, and educating and empowering their workforce.”  
