INSIDER THREAT RISK MANAGEMENT
R&C: Could you provide an overview of insider threats, and the risks they present to companies of all sizes? To what extent have incidents involving insiders increased in recent years – particularly following the shift to remote and hybrid working arrangements?
Mohamed: It is well-known that employees are any organisation’s greatest asset. At the same time, however, employees pose the greatest risk to any organisation. This is because employees have first-hand access to an organisation’s systems as well as confidential and proprietary information. Employee behaviour has resulted in some of the most significant data breaches that organisations have experienced in recent years. In the last two years, the shift to remote and hybrid working arrangements has created greater risk of data breaches to organisations. This is because, in many instances, some organisations have been ill prepared to mitigate the risk associated with such working arrangements. For example, many employees working remotely may access company data using personal computers and mobile devices with ineffective cyber security controls or unsecure network access points, such as unsecured public WiFi hotspots.
Salminen: Insider threats related to employees violating policies or handling data negligently have massively increased during the shift to remote working. Malicious insider threats have also increased, as employees perhaps become less emotionally vested in their employers while working remotely, but that increase appears to be smaller than the increase in negligent data handling and policy violations related to remote working.
Oct-Dec 2022 Issue
CMS RM Partners Inc
Cooley
Hogan Lovells
Norton Rose Fulbright Canada LLP