Summary List PlacementBusinesses are increasingly grappling with the hardest cyber threats to defend against: the ones that come from inside their own company.
Insider threats are on the rise — with a growing number of data breaches linked to internal actors — according to a Forrester report that estimates that one third of breaches in 2021 will be caused by insiders.
With the risk of insider threats exacerbated by increased remote work amid COVID-19, cybersecurity teams are beefing to meet the rising need. In the past month, organizations ranging from the Department of Defense to SpaceX to IBM posted new openings for insider threat analysts.
FireEye, a $4 billion cybersecurity firm, has provided clients with insider threat analysis for years, but is currently hiring a new insider threat analyst to meet growing customer demand, according to Jon Ford, managing director of FireEye’s Mandiant Professional Services. FireEye is building out its insider threat security-as-a-service offering, which routinely reviews clients’ systems for potential threats.
COVID-19 has greatly expanded organizations’ risk of insiders leaking sensitive information — at times unintentionally — in part because of the blurring boundaries between the corporate and the personal. Remote work has pushed work-related data beyond offices and onto employees’ home networks.
“The work-from-everywhere environment is probably here to stay,” Ford told Insider. “In a big way, organizations realized, ‘What does our workforce look like now and how do we secure the data from a much further network boundary?'”
For some firms, headlines about the massive SolarWinds hack in recent months could also spur greater defenses against insider threats. The attackers behind the breaches used a supply chain attack, compromising SolarWinds software and exploiting its customers’ trust in the product to breach their networks. As companies increasingly rely on outside vendors for IT services and cloud computing, they must grapple with a wider pool of potentially risky players inside their networks.
“When you make a decision to rely on a third party, you’re in essence outsourcing your trust in your security with that third party,” said Simone Petrella, CEO of the training firm CyberVista. “SolarWinds has opened a lot of companies’ eyes to that reality.”
Additionally, sophisticated nation-state hacker groups have shown a growing willingness to exploit unknowing insiders, or attempt to recruit support from organizations’ employees in order to steal data, Ford noted. The FBI and the Department of Homeland Security warned last year that nations including China were working with employees of COVID-19 research centers in the US order to steal secret research data. The year prior, two Twitter employees were charged by the FBI with spying on users on behalf of Saudi Arabia.
“As we have found during our breaches, some of these insiders are at the top levels of the company, they are the ‘watchers of the watchers’ that are supposed to be watching the employees,” Ford said. “And in some cases, it’s not just one person — they are working cooperatively with others within an organization.”
Companies aiming to hire more insider threat analysts will face an industry-wide talent gap, a perennial problem in cybersecurity as job demand outpaces the number of trained candidates. Petrella says analysts with experience in network architecture will likely be best suited for the job, but that companies hiring in-house analysts will likely need to foot the cost of training that person to meet their organizations’ needs.
“There’s this assumption that talent just going to externally be grown by universities or external training providers, and then companies just get to sit on the other end and collect them. But in reality that’s often not the case,” she said. “You need to actually make extra investments to bring them up to speed so that they are truly job capable.”Join the conversation about this story » NOW WATCH: Inside London during COVID-19 lockdown