Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every movement so that employees can’t even go to the bathroom. In 1992, the New York Times ran a long article about Caller ID and how the new technology was an invasion of privacy.

Globally, 67% of companies experience between 21 to 40 insider-related incidents per year, according to Ponemon Institute’s The Cost of Insider Threats 2022 report. The same report reveals that the frequency and cost of insider attacks have increased significantly over the past two years. Insider threats are one of the tougher attacks to predict and prevent, because of the difficulty in identifying insiders.

Insider risks are threats that already have access to an organization’s sensitive information. They are people who have physical access to the organization’s buildings and credentials to sign-on to the network. But maybe more importantly, they’re familiar with the organization’s processes, they speak the company lingo, and they know where the important assets reside.

The COVID-19 pandemic has forced organizations to temporarily transition to remote work environments. Two years have passed, but the remote work trend is still with us, with over 75% of people worldwide working remotely at least once a week. As telecommuting concerns more cybersecurity experts around the world, some security officers still make drastic mistakes in configuring and managing remote environments.

Multiple reports show that people don’t take the necessity to pick secure passwords for their login credentials and personal devices seriously enough. According to Verizon’s 2022 Data Breach Investigations Report, 80% of incidents resulting from hacking attacks involved weak and compromised passwords. These findings make us wonder whether confirming a user’s identity just once at login is enough. Should this be a repeated procedure?

Personal data remains attractive for malicious actors and cybercriminals. As they evolve their methods for stealing and compromising such data, implementing sufficient data protection measures is especially vital for any organization. In some industries, protecting personal data is a must to comply with privacy laws and regulations. But even if your organization is not subject to a particular data privacy requirement, it’s highly recommended to secure the data of your customers and employees.

Many enterprises perceive cyber-attacks as malicious actions predominantly executed by external actors. Enterprises devote time and budgets investing in methods to bolster their security perimeters against external threat actors. However, it is equally important for these organizations to remember that many cyber-attacks, which cost millions in losses, originate through an internal compromise.

In Q3 2022, Kroll saw insider threat peak to its highest quarterly level to date, accounting for nearly 35% of all unauthorized access threat incidents. Kroll also observed a number of malware infections via USB this quarter, potentially pointing to wider external factors that may encourage insider threat, such as an increasingly fluid labor market and economic turbulence.