Roughly a year into this "new normal," the vast majority of companies are labeling the remote work shift a resounding success — improving productivity and accelerating their digital transformations. But that success comes at a cost: Employees are a whopping 85% more likely to leak sensitive files and data now than they were before the COVID crisis hit, according to the recently released Code42 2021 Data Exposure Report (DER). The report found that 3 in 4 organizations experienced at least one data breach involving the loss of sensitive files in 2020. And while we all read the scary headlines on surging cyberattacks in the wake of the remote work shift, IT security leaders say employees (intentional or otherwise) were the biggest cause of data breaches — ahead of external actors.
The Insider Risk problem won't go away with a return to the office
The biggest change in the IT security world wasn't about where employees were working — it was all about what they’re doing. Workers are connecting remotely (only using the VPN 10% of the time, according to Code42 research), using cloud collaboration and web-based productivity apps to zing files and data back and forth. They're downloading, uploading, emailing, messaging, syncing, sharing, DropBoxing, Google Driving, AirDropping and more — all day, every day. The world will return to normal (someday…), but businesses will hold onto the advantages of a flexible, cloud-collaboration-powered workforce. And that means the Insider Risk problem won't just disappear. The Code42 2021 DER found that 6 in 10 IT security leaders believe Insider Risk will increase, or increase significantly, in the coming years.
A new world of risk — a new paradigm of risk tolerance
The thing is, most CISOs recognize that this shift in the way we work has been percolating for several years now. Organizations are increasingly building competitive advantage through cultures rooted in speed, agility, collaboration and rapid innovation. And this requires a new understanding of risk tolerance — new calculations in balancing the need to empower speed and agility with the need to secure and protect all that fast, agile innovation. The pandemic was just the force accelerator that pushed this paradigm shift past the inflection point. All organizations are now tolerating some level of Insider Risk in order to enable the agility, speed and innovation required to survive and thrive in today’s business climate. Even the U.S. State Department — one of the most conservative, high-security organizations in the country — acknowledged, "We have a risk tolerance now." This has led Gartner to create an entirely new category of data security solutions to address this new reality: Insider Risk Management*.
Conventional security infrastructure can't handle the nuance of risk tolerance
For CISOs and IT security leaders, 2020 was a triumph in rapidly adjusting to support remote work and maintain business continuity. But 2020 also laid bare the failure of existing security infrastructure, up and down the stack, to keep up with today's digital workplace. Conventional, policy-based blocking tools like DLP and CASB aren't designed to handle the nuanced game of risk tolerance and Insider Risk Management. Old, black-and-white notions around insider threat prevention are leaving security teams in a lose-lose situation: The Code42 2021 DER found most IT security leaders say they’re fielding daily or weekly complaints that employees' legitimate activity is being blocked. At the same time, conventional security tools are leaving blind spots to new ways of moving files and data, and most IT security leaders say they’re not able to see those blind spots.
2021 isn't just for cleaning up — it’s a chance to plan for what’s next
As they clean up the data security risks of the reactive strategies put in place in 2020, security teams should be careful not to take a similarly ad hoc approach to plugging the gaps. We all need to work toward forward-thinking security postures that can keep up with the fast-moving, collaboration-driven culture C-suites are fostering. Security teams need technologies and processes to better identify risky behaviors without inhibiting collaborative culture and employee productivity. We need technologies that flag Insider Risk indicators, such as working off-hours, changing file extensions, having access to the files of a highly confidential project or resigning from the organization.
The key is context. The new paradigm of Insider Risk Management is all about nuance, and security teams need to see the context — around the data, the vector and the user — in order to walk the line between managing Insider Risk and enabling the speed and agility that are critical for their business.
*Gartner Market Guide for Insider Risk Management Solutions, Jonathan Care, Brent Predovich, Paul Furtado, 29th December 2020.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.