Dirty minds and common vices were the driving force behind the majority of protocol breaches as 59 percent of the organizations had experienced instances of employees accessing pornographic websites during the work day and 43 percent had users who were engaged in online gambling activities over corporate networks, according to the firm’s Insider Threat Intelligence Report.
While inappropriate internet use was to blame for some of the breaches in security protocol, malicious threats were also responsible for some of the unauthorized activity. The report found that 60 percent of all attacks are carried out by insiders and 68 percent of all insider breaches were due to simple negligence, while 22 percent were from malicious activity by a staffer and 10 percent were related to credential theft.
Employers should also be careful during the first and last two weeks of a person’s employment, as this is when 56 percent of organizations saw potential data theft by leaving or joining employees.
“Truly malicious individuals – those who really want to harm a business or steal IP – is still quite rare,” Dtex Systems Senior Vice President Engineering Rajan Koo told SC Media. “However, the large majority of those looking to bypass security protocols are doing so for recreational purposes, such as to use a blocked social media site on company networks.”
He went on to say that it’s important to understand that when some employees start bypassing security protocols, word spreads like wildfire: these workers often tell colleagues, who proceed to bypass the same protocols, and so on.
He added that organizations must actively monitor what’s happening on their endpoints and quickly act when threats occur.
Contextual information is also crucial to determining whether employees are bypassing the security protocols for malicious purposes or for more harmless, recreational ones, Dtex Systems Chief Executive Officer Christy Wyatt told SC Media.
“For instance, one organization found that one of their employees had been googling ‘how to bypass network proxy’ and went down a list until he found a tool that worked,” Wyatt said. “Immediately, he sent it over to his friends in the office letting them know that they could use the same tool if they ever wanted to get around corporate network controls.”
She went on to say that when someone bypasses those controls, they leave a dark spot in the network that IT teams can’t manage, and it becomes a vulnerability that external bad actors can exploit.
“One of the most interesting things that isn’t talked about broadly is how often prioritizing convenience leaves a lot of corporate data exposed,” Koo said. “The links that were shared via cloud services such as Dropbox and Google Drive were more often found to be completely insecure.”
He went on to say that because of this, anyone can do an advanced Google search and find a dossier of sensitive data from inside enterprise organizations. Most organizations, after gaining insights into their users’ behavior and data, are surprised to find just how much of their data can easily be accessed from the web, he said.
“Often an employee, maliciously or not, brings data from their previous job into an organization’s network as we have seen with cases recently in the news,” Wyatt said. Being able to detect this could prove invaluable to both the employee and the company.
To combat these threats, companies need to improve on- and off-network visibility into user behavior, increase visibility over tools prone to credential theft, and pay attention to employees and contractors who have recently joined or are planning to leave the company. Companies should also leverage lightweight, scalable solutions that enable broad visibility, ensure employees are properly trained, and remain vigilant to anomalous behavior from employees.