As cyber criminals and hackers ramp up their attacks on businesses amid coronavirus-related disruption, companies are also facing another equally grave security threat: their own employees. 

Companies are increasingly turning to Big Brother-style surveillance tools to stop staff from leaking or stealing sensitive data, as millions work away from the watchful eyes of their bosses and waves of job cuts leave some workers disgruntled.

In particular, a brisk market has sprung up for cyber security groups that wield machine learning and analytics to crunch data on employees’ activity and proactively flag worrying behaviours.

“We’re seeing people say, ‘I need better visibility into what my employees are doing with all of our data at home’,” said Joe Payne, chief executive of cloud security group Code42, which tracks and analyses employees’ activity on work devices. The group examines factors including when an employee typically works, what files they access and how much data they download. 

“[Employers can ask] — if we have 10,000 employees, can you tell us who the most high-risk people are?” he said, adding that his company was handling a rise in cases of data theft among clients. 

Insider threats

According to Mordor Intelligence, the $1.2bn data loss prevention market is set to balloon to $3.8bn by 2025, as many businesses migrate their data to the cloud.

So-called insider threats encompass employees unintentionally sharing private data outside of workplace networks, but also the deliberate stealing of data, typically motivated by financial opportunity or a grudge against an employer. Rarer, but a growing issue, is intellectual property theft and espionage on behalf of foreign governments.

Already more than a third of data breaches involve internal actors, according to a 2019 Verizon analysis of more than 40,000 incidents. At an exclusive meeting of top corporate cyber security heads at RSA, one of the largest cyber security conferences earlier this year, delegates labelled insider threats as their number one concern, according to one person in attendance — above nation state activity and threats from cyber criminals. 

Traditionally, groups such as McAfee have offered tools that detect and block the exfiltration of sensitive data automatically. But there are also newer groups that seek to proactively alert employers to anomalous activity through behavioural analysis of data — which can involve screenshots and keystroke logging — and then place the onus on those employers to act in a way they see fit.

Falling under this category, Code42, Teramind, Behavox and InterGuard all told the Financial Times that they were seeing a rise in interest from potential clients under lockdown. 

“There is an increase [during this pandemic] in people trying to steal intellectual property — reports or valuable HR data, client lists,” said Erkin Adylov, chief executive of artificial intelligence group Behavox, which in February raised $100m from SoftBank’s Vision Fund 2. 

Its software analyses 150 data types to produce insights about employees’ behaviour, including using natural language processing of email and workplace chats to assess “employee sentiment”, he said. “Maybe there is uncertainty about [whether] the people are going to [keep] their job,” Mr Adylov added. 

“The market is moving very fast. I would say it’s probably growing at a clip of 100 per cent a year. The demand is outstripping supply,” he said. 

State adversaries

The risk of nation states opportunistically grooming employees for cyber espionage purposes is also a growing threat, several experts said. The issue was thrust into the spotlight recently when US officials last year charged two Twitter employees with mining data from the company’s internal systems to send to Saudi Arabia.

“If I were a nation state actor [involved in cyber espionage] . . . certainly this is an opportunity to exploit some realities that exist. This is a heightened environment,” said Homayun Yaqub, a senior security strategist at cyber group Forcepoint.

You need to be aware as a business and a technology of the creepy line

Omer Tene, International Association of Privacy Professionals

Executives at Strider Technologies, which wields proprietary data sets and human intelligence to help companies combat economic espionage, said it was seeing more recruitment of foreign spies, particularly by China, take place online under lockdown, rather than at events and conferences. “We’re providing [customers] with the capability to respond to that [changing] adversary tactic,” said chief executive Greg Levesque. 

Nevertheless, critics argue that the technology is still nascent and further investment is needed to develop a more accurate understanding of what risky patterns of behaviour look like.

And while employers have long been able to legally monitor emails and web activity for signs of external cyber security threats, for some there is a discomfort about the privacy and trust implications of using such tools on staff.

“It’s intrusive, it’s not very culturally palatable,” said former US army intelligence sergeant and former Palantir executive Greg Barbaccia. “To me, the insider threat is a cultural human problem. If someone wants to be malicious . . . you need to solve the human problem.”

Omer Tene, vice-president of the International Association of Privacy Professionals, said: “Data breaches have been a huge issue. It’s understandable why businesses would want to protect against that. I wouldn’t be alarmist.

“But you need to be aware as a business and a technology of the creepy line,” he added. “Are you doing anything . . . unexpected that will trigger backlash?”