The new normal has enhanced digital transformation and amplified risk. Organisations need to address insider security to achieve lasting resilience.
Covid-19 has accelerated digital transformation across every sector and organisation in the UK. It forced a previously unseen mass shift towards enhancing digital services, with particular emphasis on communication and data transfer between colleagues and with customers. Digital transformation is not a new topic, but it has never been so ubiquitous and so urgently needed for business resilience. Now, in direct response to the current environment and the way companies operate, the need to digitise business processes has become a board-level priority.
As a result, we’re creating and sharing more digital data than ever before. Conservative estimates put the growth in unstructured data records at 55 to 65 per cent every year, and it’s predicted that by 2024, 80 per cent of all organisations’ data will be unstructured.
But these estimates don’t take into consideration the impact of the Covid-19 pandemic, which has resulted in the highest levels of remote and flexible working ever seen, and ongoing service delivery at a distance that requires digital communication mechanisms in place of face-to-face interactions and reliance on physical data sharing. And let’s face it, we all know we won’t be going back to the old ways of working post-pandemic.
This unprecedented transition to digital has significantly amplified risks to data security – and in today’s environment of heightened consumer awareness and increasingly litigious culture, organisations that fail to protect data face severe financial and reputational impacts.
Digitalisation increases human-activated risk
Before the pandemic, our 2020 Insider Data Breach Survey revealed that 78 per cent of CISOs said employees had put data at risk accidentally in the last 12 months, and 75 per cent said they’d done so intentionally. And in May 2020, the Information Commissioner’s Office (ICO) released statistics that showed misdirected email as the UK’s number one cause of reported security incidents, and a 20 per cent bigger risk than phishing attacks. This is in line with the ICO’s findings showing that human-activated risk is the primary cause of data breaches.
So, if we’re creating and sharing more unstructured data than ever before, these statistics are only going to head in one direction if something doesn’t change.
And we can’t change people. They are always going to make mistakes – they will attach the wrong file to an email, put the wrong recipient in the “To” field, and accidentally click on malicious links without realising. They’ve been doing it for years and they’re not going to stop any time soon!
Mitigating insider risk has previously been a difficult problem to solve. Why? Because we’ve previously relied on static technology solutions that simply can’t cater to the changes that have happened over the last decade to the way sensitive data is created, stored and (most importantly) shared. These solutions take a binary approach to protecting data that can’t react to the changes to human behaviour brought about, for example, by stress, tiredness or remote working.
Ultimately, organisations need to hardwire a new approach to security into their digital transformation to truly address insider breach risks.
Security that fits your people
If we go back to the crux of the problem with traditional DLP solutions: they are simply unable to understand human interactions and behaviour to spot when something abnormal is happening.
But there is an alternative – and it’s one you need to examine today to keep your organisation operating tomorrow.
It’s a new category of technology called human layer security, which leverages contextual machine learning technology to provide advanced data loss prevention (DLP). Because it’s built using intelligent technology, human layer security is able to deeply understand an individual user’s behaviour and their relationships. Not only does this have the benefit of providing a personal safety net to each employee at a granular level you couldn’t previously achieve, but the technology will also learn over time and adapt to changes in the way that an individual works, without requiring admin intervention to update policies.
Hardwiring this intelligent security into digital transformation so employees can work securely means you can protect your organisation from the security breach that threatens your ongoing operational success. Measure your email data breach risk.
Investigate 365 is a free tool available from the Azure marketplace that scans historic email data within your Microsoft 365 environment to show you how many breach incidents have occurred in the last 12 months. Find out more here.
by Sudeep Venkatesh, Chief Product Officer at Egress