As insider risks and threats become more prevalent with the rise of e-commerce and hybrid work, cybersecurity tools are struggling to evolve to recognize the human behavioral element of insider risk. This is especially troublesome for retailers that need to protect corporate data and sensitive customer information like credit card numbers and bank information.
In this new era of Work-From-Anywhere (WFA), visibility into user behavior and actions is becoming even more critical to thwarting insider threats and mitigating preventable risks, especially as retail organizations grapple with the great resignation, unprecedented employee burnout, and a potential recession.
This real-world case study highlights how DTEX InTERCEPT helped a multinational retailer operating more than 2,500 stores across the world gain visibility into in-store computers and human-led manual processes to enact change and decrease insider risk.
The Challenge: This multinational retailer had been satisfied with the protection their Endpoint Detection and Response (EDR) solution provided against external malicious attacks, until one employee’s use of a thumb drive infected back-office devices in several stores. While their security team was able to contain the infection, the incident highlighted the fact that their existing telemetry did not provide sufficient information to address risks to these endpoints. This is when they started looking for a solution that could provide the context and intelligence needed to answer the Who, What, When, Where and How related to any potential insider threat situation.
Enter: DTEX InTERCEPT
Our first-of-its-kind Workforce Cyber Intelligence and Security platform was deployed across all back-office devices in the organization’s retail stores within a few days, delivering rapid visibility into previously unknown risks.
Although the retailer had a corporate policy limiting the usage of removable storage devices, DTEX InTERCEPT reported that almost a third of all authorized retail personnel used unauthorized USB flash drives multiple times each day. Further investigation by the internal security team determined that these activities were unauthorized, but not malicious. Instead of following company policy to use their OneDrive storage and other cloud-based tools, authorized retail personnel had devised a “workaround” when sharing and printing schedules and other office work that needed to be moved between users and between shifts.
Internal security was also surprised to uncover dozens of uncontrolled webmail accounts using the company name, all of which ended up being another workaround that spread between stores through word of mouth. InTERCEPT provided needed context to allow investigators to quickly discern between malicious and benign intent and create a secure solution.
Every insider threat starts out as an insider risk. The key to discerning malicious and super malicious threats from insiders creating risk due to negligence is seeing and understanding human behaviors and activity. Are you ready to make insider risk a priority for your organization? Contact us today to discuss your goals and request a demo of the platform.