Insider risk management is equally important post pandemic
Source: Middle East Insurance Review | Jun 2021
Remote work over the past year has magnified challenges that companies face around protecting data exposure and file exfiltration from insider risk, according to a recent survey by Forrester Consulting.
Of the over 200 security professionals who participated in the survey, 74% felt that insider risk will only continue if proactive precautions are not taken.
The respondents felt that as companies exit the pandemic, security leaders will be challenged with new data security complexities.
The participants in the survey are all involved with their company’s data loss prevention (DLP) and/or data breach mitigation strategies and planning.
The major findings of the survey included:
- 66% of respondents experience data leaks due to insiders at least monthly;
- 82% of security professionals identify protecting sensitive company and customer data as a top priority;
- 71% of respondents agree that traditional approaches to DLP aren’t working; and
- 59% of respondents identified the need to pursue more holistic insider data risk management as part of their zero trust strategy.
Code42 president and CEO Joe Payne said, “In the waning months of the pandemic, we expect workforce turnover to increase. With that personnel movement will come a heightened risk to company data – source code, marketing plans, and customer lists are all digital and portable.”
Although companies are reprioritising insider risk, there are still significant roadblocks to implementation. Survey respondents identified the complexity of too many disconnected tools (75%), managing false positives (71%) and complexity of policy creation and deployment (67%) as top inhibitors of effective IRM.
Much of this can be bridged to improve security awareness across the organisation and help employees better understand appropriate data access and file movement. As such, 64% of firms say they will increase security awareness amongst employees in the year ahead.
As companies continue to adapt their security postures for modern working environments, insider risk management will increasingly become a focal point of successful data security strategies. M