We recently hit an exciting milestone here at Dtex: the release of our 2019 Insider Threat Intelligence Report. Published annually, the report compiles findings from the User Threat Assessments conducted by Dtex security analysts across our diverse customer over the course of 2018. And using the expansive visibility and enriched user behavior intelligence provided by our platform, it aims to provide a better understanding of where insider risks truly exist.
If we had to distill this year’s edition down into one centralized theme, it is that the human side of cyber security is more apparent than ever. Whether the result of behavior of a malicious or negligent behavior, or a user being compromised, all types of insider threats have one thing in common: they are human-driven.
The simple truth is that our users and employees are human and prone to making human mistakes. They are bound to inadvertently overlook policies and procedures, or have lapses in judgement. They care – probably more deeply than ever before – about preserving and maintaining their personal privacy, as well as boosting their productivity and efficiency. Sure, there are some bad apples out there… and organizations absolutely need to be prepared for that. But our experience tells us that, more often than not, it is simple human error or carelessness that is drastically increasing our insider risk levels.
The evidence is in the data. This year’s report shows that every assessment saw instances of employees accessing personal email on corporate endpoints and transferring sensitive company documents via unsanctioned cloud applications or file-sharing services, personal webmail accounts, or unencrypted USBs. Nearly 100 percent of assessments recorded instances of confidential corporate data exposed and publicly accessible on the web, and users attempting to bypass security controls via anonymous browsers or VPNs. In the vast majority of cases, these data exposures were due to simple negligence rather than malicious intent.
Dtex analysts also saw a notable spike in outside infiltrators using this susceptibility to human error to their advantage – whether by employing social engineering tactics that compel users to expose their credentials, or slipping through security gaps and backdoors opened when a user mistake or policy violation occurs. And by presenting themselves as a legitimate user, infiltrators often are able to move laterally, escalate their privileges, and access high-value systems or data without detection.
What does all of this tell us? Most notably, it emphasizes that comprehensive security is just as much about insider readiness, trust, and engagement as it is about investing in the right technology. And whether we choose to enable and empower – or inhibit and restrict them – the humans inside of our organizations can have the greatest impact on our ability to effectively defend against both internal and external threats.
See the infographic below for a more detailed view of our findings, and download the full version of the 2019 Insider Threat Intelligence Report here.