Posted on February 7, 2023
New Atech research shows 92% of all Security Operations Centre (SOC) alerts originate inside client organisations
According to Atech’s new research, threats classed as being from outside an organisation number just 8% of the total threat landscape for an average firm, meaning 92% of all security events originate from within an organisation’s own network. Insider threats are far more complex than just event-driven negative employee actions.
The impact of hybrid working
One Ten Associates recently published their 2022 Compensation Report, detailing that if a job role does not offer an element of hybrid or remote working, the candidate choice for the role drops by as much as 40%. With that in mind, most firms in the alternative investment sector do and will continue to offer a hybrid working environment. With that comes increased vulnerability to cyber threats. Increased numbers of endpoints, logins from multiple networks and increased data sharing mean there has been a sharp increase in security threats coming from within a firm’s own network, intentionally or unintentionally.
Firms who stress test their networks with active employee engagement and make cyber awareness part of the day-to-day are shown to have employees who are more tuned in and aware of what to look for in an attack. Making employees part of the solution and threat resistance model reduces the risk of human error and increases security. Setting principles, procedures and goals to empower individuals to understand the threat landscape as it changes will result in a team who are more likely to follow governance guidelines, whether inside or outside the office environment. ML and AI can monitor behaviour patterns of users and alert administrators when unusual activity takes place, but layering security platforms with well-informed employees provides additional day-to-day visibility of the network.
Hybrid working must not only be secure, but also frictionless. Platforms that allow users to move through their working tools efficiently will limit the possibility that an employee will stray from guidelines and make use of a third-party platform when internal systems aren’t delivering what they need quickly and effectively enough.
Identity management and its pivotal role
Empowering employees to collaborate remotely should start with a review of how tasks are currently carried out, what current workflows are in place, what can be additionally automated and what tools can be made redundant. Taking an inventory and understanding platform capabilities fully with guidance from your IT provider is a great start. An entire review of cloud architecture often reveals issues with shadow IT and unauthorised use of third-party platforms, particularly chat messaging apps. Some of these issues can be managed with appropriate adoption and change management processes in place. However, an identity-based security model is key to ensuring you detect suspicious user and sign-in behaviour in your environment.
The FCA, and all other regulators, expect regulated entities to have complete visibility of internal communications not only to monitor for insider trading threats but cyber threats too. In a Market Watch communication, the FCA state “Risks from misconduct may be heightened or increased by homeworking. This includes increased use of unmonitored and/or encrypted communication applications (apps) such as WhatsApp for sharing potentially sensitive information connected with work. Use of such apps can present challenges and significant compliance risks, since firms will be less able to effectively monitor communications using these channels.” Tech firms have all but caught up with this consequence of hybrid working and can provide excellent solutions to keep full visibility and monitoring in place, but this is still reliant on a firm providing its employees with a frictionless and collaborative working experience.