In the context of current global economy, temporary, flexible jobs are very common, and businesses these days tend to recruit freelancers and independent contractors/consultants rather than full-time employees. Last year, more companies have relied on non-employee workers than ever before. Projections had set the number of U.S. gig economy workers at 43 percent for 2020. This increased focus on freelancers and third-party personnel means new threats of attacks by insiders.
According to Deloitte, 87 percent of companies have witnessed an incident with a third party that disrupted their operations. Gig employees, vendors, service suppliers, and consultants also need remote access to critical corporate resources in order to do their job. However, many companies do not apply the same security principles to third parties as they do to internal employees. This increases organizational exposure, particularly if proper controls are not put in place to safeguard against insider-led security breaches.
Outlined here are three important things you should know about insider threats in today’s gig economy:
1. Most insider threats are unintentional.
Not all insider attacks are malicious. According to Ponemon, 61 percent of insider attacks are caused by failures of employees or contractors. Employees in the gig economy have little insight into the organization’s security policies. Everyone in the organization, including contract staff, should understand the cybersecurity policies that apply to their job.
Even so, restrictive cybersecurity policies are not the solution. Mixed teams of staff and contractors need to access cloud-based solutions and other critical systems to do their work efficiently. Too many restrictions can make people operate around the rules, which can lead to much greater risks. Security teams can now focus on developing a comprehensive mitigation program for insider threats.
2. Insider Risks Differ By Role
Without the fixed salary and benefits expenses, contract workers assist organizations in adding professional expertise. The risks of such employees can vary, depending on the department, as well as the responsibilities and level of access. A contractual IT administrator, for example, will have access to the company’s most sensitive databases. If this access is misused, then all the company’s confidential data may be violated.
Each department should consider the unique risks of the contract labor force. Security teams should be extra vigilant with respect to third parties with privileged access. In addition, all workers should be aware of and follow security best practices relevant to their jobs.
3. Granular Visibility Into Data And User Behavior Is Key
Individuals, procedures, and technology should be protected by a robust insider threat prevention program. Many of the above recommendations for individuals and processes would shield organizations from risk proactively. From a technology perspective, organizations need insight into both third-party users and data actions. This technique assists protection teams with:
- Understanding the context underlying a user’s intentions.
- Knowing where the data is moving and why.
- Distilling accurate signals from the noise inside the security alerts.
As for corporate cybersecurity, insider attacks are a real threat. Thankfully, data protection solutions that arm companies with a wide range of best-in-class security features are available. In addition to maintaining robust data protection, these solutions allow organizations to adhere to mandatory data privacy guidelines as well.