Today, we published the third annual Dtex Insider Threat Intelligence Report, now regarded as the industry standard for identifying insider threat behavioral trends across industries and the world. The 2019 edition includes details on how malicious, negligent and compromised insiders are placing enterprises at risk of data breaches, ransomware attacks, espionage, and other types of security incidents. Unlike many recent insider threat related reports that are based on guesses and surveys, our annual work is based on actual assessments run by our expert insider threat analyst team across more than 300,000 endpoints and user accounts. It’s about what’s happening in the real world, right now!
Ian Barker at BetaNews is among the reporters covering the report. Barker’s headline highlights one of the top insider threats that negligent insiders are creating today, exposed data in the cloud. Barker wrote:
Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint.
This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.
Read Ian’s story: Employees and contractors expose information online in 98 percent of organizations
Read our press release: 98% of Organizations Have Sensitive Data Publicly Exposed in Cloud Applications and Services, According to Dtex 2019 Insider Threat Intelligence Report
Get the full report: Dtex 2019 Insider Threat Intelligence Report
Today, we also announced enhancements to the Dtex Advanced Enterprise DMAP Intelligence Platform that help to address enterprise scalability challenges and expand visibility over insider risk. Key updates include:
-
- Increased visibility into system administrators’ behaviors, including privilege escalations and credential misuse
- Enabled geolocation capabilities to profile user behaviors taking place while endpoints are not connected to corporate networks
- Visibility into administrator actions on Windows Server platforms running enterprise email, web and database applications
- High-scalability support for deployments across hundreds of thousands of users and endpoints
- Full compliance to federal security and compliance guidelines and regulations
- Integration with existing security infrastructures and leading SIEM and SOAR solutions including Splunk and ArcSight
- Seamless integration for user and group information from directories into Dtex behavioral analytics
Insider Risk
Although a big news week for Dtex, there is certainly other notable cybersecurity news being reported that shows how trusted and malicious insiders impact risk. A few worth mentioning:
The New York Time: Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies. Where’s the insider risk? Several attacks mentioned in the article started with humans:
The Visma attack was harder to trace than earlier incidents, which typically started with so-called spearphishing emails meant to steal personal credentials.
Wired: HACKER LEXICON: WHAT IS CREDENTIAL STUFFING? Where’s the insider risk? In two places: 1) unsuspecting people who practice weak security habits; 2) credential thieves who essentially become insiders with unfettered access to systems and data. According to the story:
The strategy is pretty straightforward. Attackers take a massive trove of usernames and passwords (often from a corporate megabreach) and try to “stuff” those credentials into the login page of other digital services. Because people often reuse the same username and password across multiple sites, attackers can often use one piece of credential info to unlock multiple accounts. In the last few weeks alone, Nest, Dunkin’ Donuts, OkCupid, and the video platform DailyMotion have all seen their users fall victim to credential stuffing.
CrowdStrike: 2019 GLOBAL THREAT REPORT: ADVERSARY TRADECRAFT AND THE IMPORTANCE OF SPEED. Where’s the insider risk? All over the report. The term “phishing” is mentioned no less than 27 times. With phishing being the easiest way to compromise trusted insiders, it’s easy to see why people are the leading cause of risk in almost every incident scenario.