A third (33%) of all data breach incidents in 2021 are expected to be caused by insiders, according to the latest Forrester Cyber Security Predictions report.
This will be an 8% increase compared to 2020, during which 25% of data breaches were deemed to be caused by internal incidents, based on predictions made by respondents to a Forrester security survey. This includes accidental incidents, as well as those caused by malicious intent.
The increase in insider incidents is likely to be caused by the unprecedented change in working environments from the office to remote working during nationwide lockdowns. Other contributing issues outlined by Forrester include the ease with which data can be moved as well as the general fear of being made redundant.
The report found that, while “firms add capabilities for detecting insider threats, they will also be able to identify and attribute more incidents to insider activity than they were previously”.
Forrester analysts recommended focusing on insider threat defense, as well emphasising “employee experience to avoid turning employees into malicious insiders”.
“Remember that trust is not a control,” they added.
Forrester also predicts that the retail and manufacturing industries should expect more data breaches due to the direct-to-consumer shift caused by changing consumer buying habits. Although such changes had been observed for some time, they been accelerated during the coronavirus pandemic, with many customers having their first experience with digital payments due to the government-enforced closures of physical shops.
Senior Forrester analyst Anjali Lai said that as many as “62% of US online adults had performed some kind of online transaction for the first time as a direct result of the COVID-19 pandemic”.
The Cyber Security Predictions report warned that “brands that once went to market via retailers and distributor supply chains face disruption, forcing them to now sell directly to consumers”, adding that “more customer-facing applications means more code, and more code means more risk”.
“This shift requires companies to expand their attack surface by adding digital storefronts and marketplaces and adopting new engagement models.”
That is why businesses shifting to a direct-to-consumer approach are advised to “prioritise product security, build a developer champions program, and explore breach and attack simulation tools”.
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Capita handed £50m London police contract weeks after losing pension dataNews The outsourcer will provide digital fraud reporting services after its cyber incident disclosure drew criticism
-
Supercharge trust for operationsWhitepaper Innovating through uncertainty
-
Western Digital suffers cyber attack, shuts down systemsNews Customers are taking to Twitter to report they’re unable to log into their storage products through Western Digital’s online portal
-
Lazarus blamed for 3CX attack as byte-to-byte code match discoveredNews Additional analysis suggested 3CX developer teams ignored "red flags"
-
Some GitHub users must take action after RSA SSH host key exposedNews One cloud security expert likened the incident to the infamous HeartBleed bug from 2014
-
Latitude hack now under state investigation as customers struggle to protect their accountsNews The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
-
Four-year-old iframe flaw allows hackers to steal Bitwarden passwordsNews The password manager has known about the issue since 2018, publicising it in a report in 2018
-
WH Smith hit by cyber attack, current and former staff data accessedNews The company stated that it is notifying staff members who have been affected
