Report Heralds Perfect Storm for Insider Threats in 2021

In the coming year, data breaches caused by insiders will significantly increase due to a confluence of factors brought on by the pandemic, according to a new guide from Forrester.

Insider incidents may be caused by accidental data misuse or due to malicious employee intent, and a guide the firm released Monday on cybersecurity in 2021 predicts an 8% uptick in such cases.   

The guide paints a tough road ahead for organizations’ chief information security officers. They’ll be under a lot more pressure due to smaller budgets, Forrester said, as well as increased scrutiny due to more employees sharing management practices over social media, resulting in some high-profile firings.  

“Expect such repercussions to hit CISOs, given the rise in visibility of the role,” the guide says. “Leaders that create, tolerate, or ignore hostile cultures are on notice that 2021 will be a year of reckoning.”

Forrester highlighted three major factors contributing to its prediction around insider threat:  “the rapid push of users, including some outside of companies’ typical security controls, to remote work as a result of the COVID-19 pandemic; employees’ job insecurity; and the increased ease of moving stolen company data.”

The guide notes that the overall number of insider threats will also increase as firms get better at identifying and attributing incidents to related activity, and advises keeping the humanity of their workers front of mind.

“Leading CISOs will put a greater focus on insider threat defense while emphasizing improved employee experience — not treating users like machines — to avoid turning employees into malicious insiders,” the report reads. “Considerations for employees’ privacy, company culture, and local standards for lawful, fair, and acceptable labor practices are key to the success of your insider threat program.”

Forrester anticipates employee privacy lawsuits in the U.S. will also increase over the next 12 months.

“Given the corporate practices and policies that often limit or deny employees a right to privacy, the battle to determine what is a reasonable expectation of workplace privacy will be fought in the courts,” the analysts wrote.

Senior leaders from various departments will be going up against each other for their share of dwindling budgets due to the pandemic. Forrester sees those looking to get an edge on the competition during the crisis—30% of firms—spending even more on cloud, security and risk, networks and mobility.  

Firms with chief information officers focused on the employee experience will fare best, the analysts expect.  

They’ll “attract, develop, and retain talent that can provide competitive advantage in a critical year,” Forrester said, adding “they will make the needed investments to foster social collaboration, make information easier to find and use, and provide security that’s less distracting.” 

Similarly, those heading up Human Resources will be in a prime position to make a case for putting more dollars toward ways to analyze and react to workforce data, including with the help of artificial intelligence, the analysts said.

The guide predicts, “HR will have a compelling argument: chief among their new interests will be using these tools to boost employee wellness.”