Work on demand – the so-called gig economy – a phenomenon that goes well beyond food delivery and package delivery in general, is redefining the corporate workforce. This year, an unprecedented number of organizations issued affidavits or to employees not employed. According to estimates, the percentage of workers gig and economy in the United States in the course of 2020 was 43%. The growth trend also affects our country, so much so that, according to INPS estimates, i gig workers in Italy would be about 1.6% of the population , for a total of almost 590 thousand individuals .
This greater dependence on collaborators and freelance port but with s is new risks of internal threats .
According to Deloitte, 87% of companies had an accident linked to an external consultant or contractor, much to impattarne l ‘ activities. Why? Co-workers, the avoratori on call, service providers and consultants often need remote access to sensitive corporate resources to do their jobs. However, many companies do not apply to these figures the same security principles used for internal employees. This increases the exposure of organizations – particularly if adequate controls are not put in place, to protect you from security breaches arriving from within.
There are three elements in particular to keep in mind about insider threats when it comes to the gig economy .
1. Most insider threats are accidental
Not all threats that come from within are bad . According to Ponemon , 61% of the internal threats is causat or from errors of an employee or contractor . However, the external collaborators may not have visibility into pole cy security companies, while it is important that all, including contract workers, are informed.
However, even poles cy security IT restrictions are not necessarily the answer. The hybrid team composed of employees and contractors have access to cloud-based solutions and other critical systems to do their job effectively. Too many restrictions may make people seek a way to evade the rules, leading to even greater risks. The security team should instead focus on building a comprehensive program of internal threat management (ITMP , Insider Threat Management Program ).
2. Internal risk varies by role
Co-workers and contract workers help companies add specialized talents without the costs fixed total of salaries and benefits . The risks associated with these roles can vary by department as well as responsibilities and level of access. For example, a database to d ministrator has the keys of critical infrastructure that might cause a serious breach of security in the event of improper use of credentials. An expert advisor can have access to plans of intellectual property or product sensibil while a contractor who deals with graphics for the marketing department is certainly less dangerous .
Each department should co noscere the specific risks related to a labor contract. Security teams need to be extremely vigilant of employees with privileged access. In addition, all workers must know and follow the best safety practices specific to their role. For example, the database administrator of the above may be used to rotate credentials to reduce the risk of compromise on ission accidental.
3. Visibility on data and people is essential
As anticipated , a comprehensive ITMP program should include people, processes and technology to proactively protect organizations from risk. From a technological point of view, there is a need for visibility into the activity of the external collaborator and of the data. This approach helps security teams to .
Understanding the context that affects a user's motivations. See where the data is moving and why. Identify concrete signs amidst the background noise of security alerts .