{"id":7248,"date":"2025-03-28T12:32:07","date_gmt":"2025-03-28T12:32:07","guid":{"rendered":"https:\/\/dssi.pt\/news\/"},"modified":"2026-01-21T12:04:05","modified_gmt":"2026-01-21T12:04:05","slug":"news","status":"publish","type":"page","link":"https:\/\/dssi.pt\/en\/news\/","title":{"rendered":"News"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

News <\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Here you'll find the latest updates, news and most relevant events on technology!<\/b><\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/header>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Stay on top of the main events, innovations and trends in the market, as well as updates on projects and initiatives.
<\/b>Follow us so you don’t miss any news!<\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

When most security teams think about insider risk, they immediately picture the malicious actor: the disgruntled employee downloading a customer list before quitting, or the rogue developer leaking source code to a competitor. Those scenarios are real and dangerous, but while malicious insider activity gets the most attention, the greater and more persistent risk comes from well-intentioned employees whose routine actions and blind spots accidentally put sensitive data at risk \u2014 often without anyone realizing it.<\/p>

Insider risk isn\u2019t just about intent. It\u2019s about context, access, and misaligned incentives. And while most organizations think they have \u201cgood policies\u201d in place, the real risk lives in the space between written rules and lived behaviors. That\u2019s where visibility gaps emerge and where insider threats thrive.<\/p>

In this post, we\u2019ll break down the lesser-known, but incredibly common,\u00a0insider risk\u00a0gaps that organizations tend to overlook. If your\u00a0insider risk program\u00a0feels solid on paper, consider this a reality check. What follows isn\u2019t about bad actors or headline-worthy breaches, but the everyday patterns of work that quietly create exposure long before anyone realizes it.<\/p>

Offboarding: The Soft Underbelly of Insider Risk<\/strong><\/p>

Let\u2019s start with one of the most obvious, but least consistently executed, vulnerabilities:\u00a0employee offboarding. Many companies don\u2019t immediately revoke access when someone leaves. Maybe HR notifies IT a day late. Maybe it\u2019s a slow Friday and the admin queue doesn\u2019t get touched until Monday. Maybe a contractor wraps up a project and their credentials just fall through the cracks.<\/p>

Even a short delay gives an insider the window they need to exfiltrate critical files, scrape email threads, or clone repositories. And in hybrid environments where employees can work from anywhere, it\u2019s not like they need to be in the office to execute their plan.<\/p>

The issue here isn\u2019t just technical, it\u2019s procedural. Offboarding often relies on a chain of handoffs across teams, tools, and systems that aren\u2019t designed to stay perfectly in sync. Without centralized visibility, security teams are left assuming access has been revoked without being able to confirm that it truly has everywhere it matters.<\/p><\/div>

Role Creep: When Access Expands but Never Contracts<\/strong><\/p>

It happens all the time. An employee gets temporary access to a sensitive system or dataset for a project. The project ends. But no one ever removes the access.<\/p>

Multiply that across dozens of projects, hundreds of users, and years of growth, and you end up with\u00a0role creep\u00a0<\/strong>\u2014 users accumulating access they no longer need, often to data that\u2019s far outside their current responsibilities.<\/p>

Over time, this creates a bloated, over-permissioned environment where a single compromised or malicious insider has reached far beyond what their job should allow. The scariest part? Most companies have no easy way to map access patterns against actual job function. It\u2019s not just about who\u00a0can<\/em>\u00a0access sensitive data. It\u2019s about who\u00a0should<\/em>.<\/p>

Role creep doesn\u2019t turn employees malicious. It turns ordinary trust into latent risk by quietly handing out more access than anyone intended.<\/p>

<\/picture><\/a><\/div><\/div>

Cloud Collaboration Tools: The Unseen Exit Route<\/strong><\/p>

Not long ago, collaboration was relatively contained. Files lived on shared servers. Documents moved through email. Infrastructure teams had clear control over where data went and how it was shared.<\/p>

Today, that model is gone. Slack, Google Drive, Dropbox, Notion, and GitHub are the lifeblood of modern work, and they\u2019ve fundamentally changed how information moves inside organizations. Not because they\u2019re insecure, but because data now flows freely across tools and users in ways most teams struggle to fully monitor.<\/p>

Security teams often don\u2019t have deep visibility into what users are doing in these tools. Sensitive files can be shared with personal accounts, exposed to public links, or downloaded in bulk \u2014 all without triggering traditional\u00a0DLP\u00a0rules. Chat messages can contain customer data, pricing information, screenshots, credentials, and more. And in many cases, none of it is logged, flagged, or correlated with broader user behavior.<\/p>

Collaboration platforms blur the line between communication and storage. As conversations turn into files, links, and shared artifacts, sensitive data quietly proliferates; copied, cached, and stored across multiple tools long after its original context is gone. Without monitoring these platforms for insider behavior, organizations miss one of the fastest-growing vectors for silent data loss.<\/p><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

The Biggest Insider Risk Gaps You Probably Haven\u2019t Thought About<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
By: Code Padula, Sales Engineer<\/strong><\/em><\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Personal Devices and Unmanaged Endpoints<\/strong><\/p>

Even in companies that issue corporate laptops, employees still use personal phones, tablets, or home machines to check emails, open Slack threads, or view dashboards. And for contractors or freelancers, unmanaged devices are often the default.<\/p>

That creates a serious blind spot. Even if your main endpoint protection solution is doing its job, you can\u2019t enforce policy or capture telemetry on personal or BYOD endpoints. If a user downloads sensitive documents to their home desktop or screenshots internal tools on their iPhone, you won\u2019t know. And once that data leaves your visibility layer, it\u2019s gone.<\/p>

Hybrid work has made this problem worse. Employees are logging in from cafes, co-working spaces, shared home offices, and doing real work on devices you don\u2019t control. Without endpoint visibility, insider risk becomes almost impossible to quantify, let alone contain.<\/p>

Print, Copy, Screenshot: The Analog Loophole<\/strong><\/p>

Security teams spend millions on digital controls, but forget about the oldest data exfiltration tools in the book:\u00a0printer trays, clipboard copy, and camera rolls<\/strong>.<\/p>

Yes, people still print sensitive documents. Yes, they still take pictures of their screens. And yes, they still copy and paste information from secure systems into personal files, unmanaged notes, or third-party platforms.<\/p>

These are analog behaviors in a digital world and most organizations have no answer for them.\u00a0Traditional DLP\u00a0can\u2019t detect when someone pulls out their phone. It won\u2019t trigger an alert when someone uses the Snipping Tool or grabs content through Command + C. Yet these actions are incredibly common and often go unnoticed until long after the fact.<\/p>

Your IRM strategy needs to address the human-device interaction layer. That means visibility into screen-level behavior, clipboard activity, and print logs, especially in roles that handle sensitive data daily.<\/p><\/div>

The Insider Threat That Isn\u2019t Malicious<\/strong><\/p>

Here\u2019s a hard truth:\u00a0most insider incidents aren\u2019t malicious<\/strong>. They\u2019re caused by smart, well-meaning employees who are trying to do their jobs, fast.<\/p>

They email themselves files to work from home. They upload documents to a personal cloud account so they can collaborate with someone who doesn\u2019t have internal access. They store passwords in plaintext because it\u2019s \u201cjust easier.\u201d They take screenshots of a dashboard to paste into a client deck.<\/p>

These actions don\u2019t come from intent to harm. But they expose sensitive data in ways that traditional policies were never built to handle. And the irony is, if these behaviors become normalized (e.g. if no one gets flagged, warned, or educated) employees start assuming they\u2019re okay.<\/p>

That\u2019s how risk becomes culture.<\/p><\/div>

Get Ahead of the Risk Before It Becomes Reality<\/strong><\/p>

All of these gaps stem from the same root problem: visibility. You can\u2019t address insider risk if you can\u2019t see how data moves, how people interact with it, and what \u201cnormal\u201d actually looks like.<\/p>

In practice, this often shows up quietly, like a former employee whose access lingered just long enough to download a shared drive, or a well-meaning engineer who synced sensitive documents to a personal workspace to work from home.<\/p>

Effective IRM programs close this gap by establishing behavioral baselines, tracking\u00a0data lineage, correlating access with real user activity, and surfacing anomalies in context. More importantly, they recognize that insider risk isn\u2019t a static set of alerts. It’s an evolving challenge shaped by how people work, collaborate, and change roles over time.<\/p>

Organizations that haven\u2019t mapped these gaps aren\u2019t just exposed \u2014 they\u2019re operating without a clear picture of their risk.<\/p>

You don\u2019t need to wait for an incident to start closing them. And you don\u2019t need to do everything at once. Start with visibility. Pick a single data flow, a high-risk role, or one department. Map how data moves, who touches it, and where risk accumulates. From there, insider risk becomes something you can understand and deliberately improve.<\/p><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tLEARN MORE<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The call comes at 2 a.m. It\u2019s your chief financial officer, and the tone of their voice conveys immediate alarm. The organization\u2019s network is locked down, systems are inaccessible, and a ransom demand is flashing across every screen. This scenario is more than a fictional thriller; it reflects the stark reality for business leaders globally grappling with escalating cyber threats. With the average cost of a data breach reaching $4.45 million, the financial and operational stakes are immense. Business continuity and reputation hang in the balance.<\/p>

This is the nightmare moment every executive fears. It\u2019s a crisis that forces an urgent question: What if your employees were your strongest line of defense rather than your organization\u2019s most vulnerable link? Today, the paradigm of business cybersecurity is shifting\u2014technology remains essential, but the human element is consistently targeted by sophisticated adversaries. Investing in cybersecurity training for employees is no longer just a best practice; it is a strategic imperative for business resilience and sustained competitive advantage.<\/p>

The Uncomfortable Truth About Your Biggest Vulnerability<\/strong><\/p>

Organizations spend billions of dollars each year deploying advanced firewalls, endpoint detection solutions, and cyber risk management software. Security awareness is a common board-level agenda item, and CISOs typically highlight technical countermeasures in executive meetings. Yet, despite massive investments in such security training programs and infrastructure, an uncomfortable truth persists: the majority of cyber incidents involve a human element.<\/p>

Data Reveals the Human Factor<\/strong><\/p>

Industry research shows that approximately 60% of all security breaches result from human error or manipulation. Employees remain susceptible to phishing training shortfalls, poorly understood security policies, and social engineering scams. From clicking on dangerous email attachments to falling victim to business email compromise attacks, employee cyber education gaps play directly into attackers\u2019 hands.<\/p>

Today\u2019s threat actors aren\u2019t just probing firewalls; they\u2019re engineering targeted attacks to exploit loyal, distracted, or uninformed staff. This reality underscores the renewed urgency of security awareness and employee training, making robust security education and cybersecurity awareness training ROI for executives a critical discussion point at every board meeting.<\/p>

The Existential Threat to Small and Midsize Businesses<\/strong><\/p>

Large enterprises might command headlines, but SMBs are often at greater risk. Attackers identify small and midsize businesses as lower-hanging fruit, perceiving lighter defenses and slimmer budgets. Data shows 78% of SMB leaders worry a significant cyberattack could put them out of business. With so many small business owners and SMB executives seeking an employee security training implementation guide for SMBs, practical, role-based security training implementation is now core to business survival.<\/p>

This stark reality creates a paradox: The very employees who drive growth and innovation can, without effective cyber resilience training and information security awareness, unwittingly become the weakest link. The gap between technology investment and security education is a vulnerability that businesses cannot continue to ignore.<\/p>

The Hidden Price Tag of Inaction<\/b><\/p>

Overlooking cybersecurity training for employees comes with mounting and often underestimated consequences. Measuring the effectiveness of your cybersecurity training programs and their KPIs against potential breach costs reveals a staggering disparity between investment and potential loss.<\/p>

A Spectrum of Costs<\/b><\/p>

Breach response costs vary by what went wrong\u2014but consistently, costs skyrocket when the human element is involved:<\/p>