


Insider Risk Insights - DTEX Blog

Insider Risk Detection 101: Mitigating Unintentional Insider Threats


According to the Ponemon Institute’s 2022 Cost of Insider Threats Global study, the overall number of insider threat incidents jumped by 44% in the past two years, with non-malicious insiders driving 56% of incidents that cost organizations an average of $484,931 per incident. In today’s increasingly digital and distributed workforce, identifying and responding to insider threats isn’t enough – enterprises need to take a more proactive approach to insider risk management to mitigate unintentional insider threats before they occur.

Every insider threat starts as an insider risk, but not every insider risk is a threat. All employees are capable of introducing risk to an organization – from the C-suite to managers to contractors and more. Proactive insider risk detection requires a deeper understanding of the differences in the way malicious and non-malicious users interact with data in order to disrupt potential threats before any significant damage occurs.

It is important to note that most data loss events aren’t caused by malicious employees but rather by insiders who inadvertently introduce risk because they haven’t complied with corporate security policies, or they have misused company systems or data. Sometimes they have been outsmarted.

Let’s take a look at some of the non-malicious behaviors accelerating insider risk in today’s hybrid workforce.

Uptick in the Use of Corporate Assets for Personal Activities (and Vice Versa)

In 2021 the DTEX i3 Team saw a 3x increase in the use of corporate assets for personal activities such as social media, shopping, gaming, stocks, letting family members use personal devices and more.

Remote employees are more likely to open suspicious emails when using personal accounts, which can easily infect corporate devices and compromise corporate data. Additionally, the use of personal printers, backup storage devices, and other peripherals can lead to unauthorized and unprotected copies of sensitive information.

Over the last year, unsanctioned third-party work on corporate devices jumped 200%. In these instances, employees were leveraging corporate IP to assist third-party businesses that may be in direct competition with their official employer. One example identified in our 2023 Insider Risk and Investigations Report included a social media marketer using her corporate Adobe Creative Cloud license to produce work for another organization during business hours.

Storing Sensitive Information on Personal Devices

As ransomware attacks increase, security and risk teams also need to worry about insider risk detection on employees’ home networks and personal devices. Many employees leverage mobile applications when working remotely, which can be used as a method for data exfiltration if not secured appropriately.

The transition to remote work has led to an increase in the use of unsanctioned applications in the workplace, including file-sharing solutions and collaboration tools like Dropbox, messaging tools like WhatsApp, and Bluetooth sharing tools. While many employees are using these tools for legitimate business purposes, they represent a new source of shadow IT, expanding the corporate attack surface.

One example of this is the recent Dropbox data breach that compromised 130 GitHub repositories. This was the result of a successful phishing attack that used emails impersonating the CircleCI continuous integration and delivery platform to target the company’s employees, directing them to a phishing landing page that prompted them to enter their GitHub username and password.

Although their actions are unintentional, non-malicious insiders accelerate external threats such as phishing attacks, ransomware, malware and other cyberattacks. Bottom line: If you don’t understand the risk, you’ll never find the threat.

So, how can insider risk detection strategies help you mitigate these risks?

1. Offer Support, Not Suspicion 

Balancing empathy and engagement with the need to protect sensitive information starts with employees trusting they will be treated fairly. Intrusive surveillance-based methods that log employee keystrokes and monitor web browsing and personal email build mistrust – which is why successful insider risk management strategies are centered around an enterprise’s most valuable assets: humans.

Employees who feel trusted, respected, and valued are more likely to adhere to security policies and flag unusual activities and behaviors. By changing the narrative around insider risks, executives can establish a sense of moral responsibility and corporate loyalty across their workforce.

2. Establish Real-Time Visibility and Access to a Full Audit Trail

Understanding the context of when, why, where, and how employees and third parties interact with data, machines, applications, and peers as they perform their job responsibilities offers critical insights into the varying behaviors, activities, and indicators driving threats.

Establishing a real-time forensic audit trail across the entire footprint of the organization provides the visibility and context around underlying employee behaviors needed to distinguish those who intentionally seek to cause harm from those who are acting negligently.

Unlike intrusive legacy employee monitoring software solutions, DTEX InTERCEPT takes a privacy-first approach to security, leveraging patented pseudonymization techniques on raw data fields. It offers HR, IT, finance, and cybersecurity teams the behavioral context to uncover the Who, What, When, Where, Why and How needed to deliver better day-to-day experiences and foster better outcomes for employees and the organization. By understanding this context, teams can discern indicators of malicious intent without compromising privacy.

Contact us now to learn more about how InTERCEPT can help you mitigate unintentional insider risks.