By all accounts, 2020 was a bad year for cybersecurity – especially data breaches caused by insider events. In fact, the number of insider incidents has increased 47% in the last two years, according to the Ponemon Institute’s Cost of a Data Breach Study. As bad as that is, if the predictions of a global research company hold true, it’s about to get even worse.
By 8%, to be specific.
In its Predictions 2021 white paper, Forrester is forecasting an 8% increase in insider incidents caused by accidental data misuse or malicious employee intent. The reason for this increase, Forrester says, is a confluence of factors brought on by the pandemic, including the ongoing prevalence of remote work, employees’ job insecurity, and the ease of moving company data through the proliferation of portable media.
What makes Forrester’s prediction particularly stark is that the price tag associated with insider threats is on the rise, too, with the average insider incident now costing organizations $11.45 million, according to the Ponemon study.
That’s not all. Information security officers are in for a rough year, Forrester predicts, especially with smaller IT security budgets and employees more willing to turn to social media to broadcast management decisions. “Expect such repercussions to hit CISOs, given the rise in visibility of the role,” the white paper’s authors write. “Leaders that create, tolerate, or ignore hostile cultures are on notice that 2021 will be a year of reckoning.”
The Risk of Portable Media
Of the three major factors cited above (remote work, job insecurity, and the ease of moving company data), it is the last that organizations can address immediately. After all, the new work-from-home era created by COVID-19 is not going away anytime soon. Neither is perceived job insecurity, as companies large and small grapple with sales and revenue issues brought on by the pandemic.
These are longer-term issues that are best resolved by cultural transformations – which will be years in the making. However, the short-term, immediate issue of using portable media to move data from device to device can be resolved now.
Portable media devices such as USB flash drives, smartphones, music players, SD cards, and external hard drives are ubiquitous. It is likely that you own at least two of these devices – and probably more. While all portable media have inherent dangers, USB flash drives and external hard drives pose the greatest threats, as they allow employees to copy and transfer data, take that data off site, and conduct business outside the secure perimeters of your information technology network.
Even before the pandemic, portable media posed a significant risk. For instance, in 2019, Canadian banking group Desjardins suffered a data breach that affected some 2.7 million people and around 173,000 companies. The stolen information included names, addresses, dates of birth, social insurance numbers, email addresses, and information on customers’ transaction habits. The source of the breach? An employee with “ill-intention,” according to Desjardins.
How to Minimize Your Risk
To ensure that your organization isn’t brought down by a cyberattack whose origin is an insider – either an unsuspecting employee or a bad actor – you must make the ports on your computers inaccessible. USB port locks, network module locks, LAN cable locks, and secure USB hubs for your attached USB devices are inexpensive devices that effectively thwart both malicious and negligent insiders.
A perfect storm for insider threats is brewing. The question is, are you in the storm’s direct path? Unless you take steps today to protect yourself, the answer to that question is, “Yes.”