Active insider threats are present in 100% of organizations, with companies failing to eliminate insider threat blind spots, according to new research from Dtex Systems.
The user behavior intelligence provider analyzed anonymized data about user behaviors taking place on public and private sector organizations’ endpoints in North America, South America, Europe and Asia Pacific. The data was compared to more than 5000 known bad-behavior patterns and then turned into intelligence that revealed where insider threat patterns were active.
The findings showed that 90% of assessments discovered that negligent employees were transferring company data to unencrypted and unauthorized USB devices, with 91% indicating that negligent employees were expanding the phishing attack surface by accessing personal web mail accounts on company machines – a behavior up 4% in the last 12 months.
What’s more, the research also highlighted issues surrounding the improper use of cloud apps such as Google Drive and Dropbox with 78% of assessments discovering instances of company data being accessible via the public web.
In terms of malicious intent, 67% of assessments uncovered cases where employees were visiting inappropriate and risky gaming, gambling and pornography websites – up 8% from last year – whilst 60% identified instances where malicious employees were using anonymous and VPN browsing to bypass security controls or to research how to bypass controls.
“While malicious users are always looking for new ways to defy security controls, not all internal risk comes from bad intent,” said Christy Wyatt, CEO, Dtex Systems. “Negligent employees don’t always understand when they are engaged in damaging activities. These trusted users can fall prey to bad actors looking to steal their credentials. The lack of visibility into all types of user behaviors is creating employee-driven vulnerability problems for every business.
“Organizations have to secure data, neutralize risky behaviors and protect trusted employees against attacks and their own errors. To accomplish all of this, they have to see how their people are behaving and have a mechanism that provides alerts when things are go wrong.”
“Business needs to get out of the cybersecurity denial phase it is stuck in. To do this, it must accept that it needs more visibility into what’s going on in its environment,” added IT-Harvest chief research analyst and Charles Stuart University lecturer Richard Stiennon. “This report is a needed reminder of just how oblivious organizations are to high-risk activities that lead to things like data breaches, ransomware attacks and IP theft.”