Cybertalk in Youtube https://www.youtube.com/watch?v=uZYP1PZbzqU
Cybertalk in Linkedin: https://www.linkedin.com/posts/madhukeshwarb_cybersecurity-hybridwork-activity-7070594569712652288-_6ky?utm_source=share&utm_medium=member_desktop
When I saw a friend of mine crunching sensitive financial data from home, it took me back to the times when we were not even allowed to carry camera phones into ODC (Offshore Development Centers)! Organizations that were averse to work from home culture, were forced to go 100% remote during the pandemic.
Although employees have started returning to the office, the hybrid work culture seems to be the new normal. As per Microsoft research, hybrid work is inevitable; 66% of the leaders say that their organizations are redesigning office space for hybrid work, 73% of employees want the flexible remote working model to continue, and 67% want the in-person working model as per the Microsoft research.
Insider Threat
Just because hybrid work culture is picking up, does it mean that the insider threat has disappeared? As per the IBM 2019 survey, 31.5% of the cybersecurity occurrences were from malicious insiders, and 23.5% were from non-malicious insiders.
A professional hacker might have all the tools and technical knowledge to harm your IT systems externally. However, a bad intentioned insider i.e. someone who has got access to your IT systems is even more harmful.
Insider threat is quite a serious security risk to be mitigated with well-crafted security controls. Examples of insider threats could be a disgruntled employee, contractor or ex-employee who still has access to IT systems due to loopholes. These people may cause serious damage such as leaking sensitive information to a competitor, making use of confidential information for illegal purposes and many more ways to cause damage to the organization. Even inadvertent acts by well-intentioned employees could cause serious financial and reputational damages to the organization. Thus, the organizations need to take the insider threat very seriously.
In a hybrid work model, employees and contractors will work from both office and remote locations. Office set-up is a controlled environment with required monitoring enabled. Security policies are enforced rigorously and in fact, employees tend to follow the policies implicitly too. However, human behaviour is impacted by our surroundings and our physical location. As per a social psychology article, people will change their behaviour to align with the social situation at hand. For example, an employee might not take a photograph of the laptop screen when in the office, but behaviour could be different at home!