Findings Include Sensitive Corporate Data on the Public Web and Inappropriate Internet Usage from Malicious and Negligent Insiders
SAN JOSE, CA — April 13, 2017 – Dtex Systems, a leader in user behavior intelligence and insider threat detection, today announced availability of its Insider Threat Intelligence Report. The report reveals key security trends driven by malicious and negligent insiders that include a cross section of employees, contractors and partners with access to corporate endpoints, data and applications. To produce the report, Dtex analyzed risk assessments across a broad sample of its customer base and discovered trending corporate activities that pose the most significant security risks.
Among the most alarming discoveries was that 95 percent of assessments revealed employees were actively researching, installing or executing security or vulnerability testing tools in attempts to bypass corporate security. Additionally, they were more frequently using VPNs, TOR and other anonymity tools to bypass organizational security and web-browsing restrictions. This finding alone signals that employees are getting savvier when it comes to getting around productivity restraints imposed by security provisions.
“Some of the year’s largest reported breaches are a direct result of malicious insiders or insider negligence,” said Christy Wyatt, CEO at Dtex Systems. “With limited visibility into user risk, companies face unlimited exposure which can have heavy legal and/or financial implications. Organizations that actively monitor what’s happening on their endpoints and quickly act to address risks can protect their most important assets: their employees and their data.”
The report unveils that despite being one of the longest-standing and most frequently leveraged vulnerabilities, the insider threat continues to not just thrive within organizations but actually grow exponentially. Among some of the more salient findings revealed in the report are that:
People are the weakest security link — 60 percent of all attacks are carried out by insiders. 68 percent of all insider breaches are due to negligence, 22 percent are from malicious insiders and 10 percent are related to credential theft. Also, the current trend shows that the first and last two weeks of employment for employees are critical as 56 percent of organizations saw potential data theft from leaving or joining employees during those times.Increased use of cloud services puts data at risk — 64 percent of enterprises assessed found corporate information on the web that was publicly accessible, due in part to the increase in cloud applications and services. To make matters worse, 87 percent of employees were using personal, web-based email on company devices. By completely removing data and activity from the control of corporate security teams, insiders are giving attackers direct access to corporate assets.Inappropriate internet usage is driving risk — 59 percent of organizations analyzed experienced instances of employees accessing pornographic websites during the work day; 43 percent had users who were engaged in online gambling activities over corporate networks, which included playing the lottery and using Bitcoin to bet on sporting events. This type of user behavior is indicative of overall negligence and high-risk activities taking place.
“A commonality among the organizations assessed is that they are often unprepared to manage the security risks that surface when they have holistic visibility into employee endpoints on and off the corporate network,” said Rajan Koo, SVP Customer Engineering at Dtex Systems. “Dtex proactively conducts ongoing insider threat assessments for a diverse global customer base to identify trends in security threats and help these businesses best prepare to address them.”
Proactive Defenses RequiredTo help reduce the impact of insider threats, the Insider Threat Intelligence Report also provides valuable guidance on how enterprise security teams can minimize security risks by taking the following key steps:
Improve on- and off-network visibility into user behavior. Users generally look to conduct risky business on corporate systems while off the corporate network;Increase visibility over tools prone to credential theft;Pay attention to employees and contractors who have recently joined or are planning to leave the company. Employees planning to depart an organization often work over a period of time to ready data for exfiltration, giving security teams an opportunity to intercede;Pay attention to employees who violate company policy. These incidents are often indicators of risk-takers;Leverage lightweight, scalable solutions that enable broad visibility. Heavy legacy solutions that cost network and endpoint performance often provide overwhelming reams of data but little visibility into user behavior trends and actionable insights, and are generally used to monitor only a subset of the population;Close the skills gap by providing ongoing training to security teams as well as employees on rapid detection and risky user behavior;Focus on the point closest to the user – the endpoint – where you will get the most visibility into user risk;Remain vigilant to anomalous behavior from employees. If an employee’s behavior deviates from the norm (i.e. suddenly downloading a large number of files), it could indicate that that employee is planning to exfiltrate sensitive data from the company.
For more details around current security trends, additional findings and methods to secure the blurring perimeter of the enterprise, download the Insider Threat Intelligence Report here: https://dtexsystems.com/2017-insider-threat-intelligence-report/.
About the Insider Threat Intelligence Report
To develop the report, Dtex Systems analyzed risk assessments from 60 enterprises across North America, Europe and Asia from a broad range of industries including Finance, Public Sector, Manufacturing, Pharmaceuticals and Media & Entertainment.
Dtex conducts regular insider threat assessments for a diverse global customer base, leveraging data collected by the Dtex Advanced Enterprise DMAP Intelligence Platform. Enterprises, even those with sophisticated security programs, are often surprised by what they find when they get visibility into user activity on and off the corporate network. With its technology running on over 100,000 endpoints globally, Dtex is uniquely positioned to provide insight into emerging user behavior and report on the latest trends in insider threat vulnerabilities and their impact on enterprise security.
About Dtex SystemsDtex Systems arms enterprises across the globe with revolutionary technology to protect against user threats, data breaches, and outsider infiltration. As the only solution combiningunparalleled endpoint visibility with advanced analytics, Dtex can pinpoint threats with greater accuracy than traditional security methods without adversely impacting user productivity. To learn more, visit www.dtexsystems.com.