9/4/18 - Dtex, Insider Threat, Privacy News: Dtex Announces Record Year, Adds New CFO and NSA Veteran to Team, Human Error Drives UK Data Breach Increase
Increasing insider threat rates that include incidents caused by malicious actors and negligent humans drove demand for user behavior intelligence during our fiscal 2018 year, which lead to a record-setting 12 month period for the company. With 321 percent year-over-year growth, the addition of a new CFO and 37-year NSA veteran, Dtex is again positioned to set another record as it helps customers across industries to reduce the risk of insider-driven attacks and breaches. Leading drivers behind the company’s stellar performance were best summed up by CEO Christy Wyatt:
“Data loss prevention solutions, key-stroke loggers and screen-capture technologies have failed to reduce insider threat risks or stop data breaches. The market recognizes that the intelligence we provide is the best way to understand what is taking place in environments and to address insider threat risks. We are thrilled by the adoption and support we are receiving from our customers, we are on track for another record year.”
Read full details about FY 2018 here: Dtex Systems Achieves 321 Percent Year Over Year Growth, Driven by Demand for User Behavior Intelligence that Detects Insider Threats
It’s not surprising that demand for Dtex continues to surge. Daily, the news is inundated with reports about insider threats. Some recent related news demonstrates just how severe the problem is.
Via Help-Net Security: Data breach reports to Information Commissioner increase by 75%
This article reports that data security incidents received by the UK’s Information Commissioner Office (ICO) were largely driven by negligent humans (aka insider threats):
Kroll’s analysis reveals that the data breach risks posed by human error are at least as great as those from cyber attacks. In the past year, of the incidents where the type of breach is specified, 2,124 reports could be attributed to human error, compared to just 292 that were deliberate cyber incidents.
The most common types of incidents due to human error include data being emailed to the incorrect recipient (447 incidents), loss or theft of paperwork (438) and data left in an insecure location (164). The loss or theft of unencrypted devices (133) is another common reason for data breach reports.
Kroll is a data security risk provider. The ICO is The UK’s independent authority set up to uphold information rights in the public interest.
Via Forbes: 58% Of All Healthcare Breaches Are Initiated By Insiders
In a review of the Verizon 2018 Protected Health Information Data Breach Report (PHIDBR), Forbes contributor Louis Columbus writes that healthcare is rampant with insider threats:
58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
At InfoSecurity Magazine: Chinese Hotel Breach May Have Hit 100 Million+ Customers
In a breach that rivals the size of Equifax, Phil Muncaster reported that human error (aka negligent insider) led to this massive breach. According to Phil:
State media claimed that 500 million records were stolen. These reportedly included 123 million registration details including names, mobile numbers and ID numbers; 130 million check-in records including names, addresses and birth dates and 240 million hotel stay records including card and mobile numbers.
Cybersecurity intelligence firm Zibao reportedly suggested the breach may have happened when the hotel’s developers uploaded a database to GitHub.
Wyatt weighed in on the incident too:
The cause of the Huazhu Group data breach that authorities are saying may have impacted between 100 and 500 million people hasn’t been fully confirmed but some security researchers are speculating that it was caused by a human uploading data to GitHub, a publicly-accessible cloud service. This type of human error occurs frequently. Our 2018 Insider Threat Intelligence Report showed that employees and other insiders had exposed data on public cloud platforms at 78 percent of the organizations we assessed. This was an increase of almost 15 percent over the previous year.
By Dark Reading: IT Professionals Think They're Better Than Their Security
If this report isn’t enough to motivate organizations to decide whether to consider how real the insider threat is, maybe nothing is. According to the article:
Computer professionals may think their enterprise security is good, but they think their skills are better. In fact, almost half think they could pull off a successful insider attack, according to a new report by Imperva.
Indeed, 43% of the 179 IT professionals surveyed said they could successfully attack their own organizations, while another 22% said they would have at least a 50/50 chance at success.