Yesterday marked an exciting day for Dtex, as we released one of our keystone pieces of independent research: the 2018 Insider Threat Intelligence Report. This report is our annual effort to look back on findings from the previous year’s User Threat Assessments – gathered across our diverse customer base – and compile them for a high-level view of the trends that emerge. Though we deal with insider threats every day, this endeavor allows us to take a step back and get a more in-depth perspective of the greater insider threat landscape.
This year’s report confirmed something that we already knew: insider threats are still a widespread problem. Every single organization we assessed found some form of unknown, active insider risk. The vulnerabilities uncovered came in many different forms, ranging from malicious sabotage to petty insider wrongdoing to clueless human error, though all indicated a lack of defenses needed to protect trusted employees.
This prevalence makes sense, because ultimately, insider threats are all about humans, and humans are fallible, especially when cybersecurity is far from the top of their minds.
In fact, one of the top narratives we’ve seen surface again and again this year is the growing realization that most average employees don’t feel a strong sense of personal responsibility for cybersecurity. Our upcoming study of enterprise employees, conducted in partnership with YouGov, certainly highlights that fact: even when employees are aware of good security hygiene, they don’t always act on that knowledge, likely because they have absolute trust in the organization to assume responsibility for their security.
The problem is, organizations aren’t always doing that, often because so many of them still have a pervasive insider threat blind spot, and most don’t even know how their users make them vulnerable.
This is proven by many of this year’s Insider Threat Intelligence Report key findings:
78 percent of assessments found instances of company data that was accessible via the public web, which was caused by negligent employees’ improper use of Google Drive, Drobox, Box and other cloud apps; up 14 percent over last year.60 percent of assessments identified instances of malicious employees using private, anonymous or VPN browsing to bypass security controls or to research how to bypass controls.90 percent of assessments discovered that negligent employees were transferring company data to unencrypted and unauthorized USB devices.91 percent of assessments recognized that negligent employees were expanding the phishing attack surface by accessing personal web mail accounts on company machines; a behavior that was up 4 percent over last year.67 percent of assessments uncovered cases where malicious employees were visiting inappropriate and risky gaming, gambling and pornography websites; up 8 percent over last year.
We believe that organizations want to, and should, trust their employees. Users shouldn’t be treated as if they’re suspects to a crime they haven’t committed, all in the name of security.
But when security teams lack visibility, they’re forced to resort to less-than-ideal options. We hear exhausted stories every day of security teams who struggle with noisy, inconclusive data, alert overload, unscalable solutions, or monitoring that unacceptably violates user privacy.
These struggles result in a pervasive user visibility gap. Even among those who have made heavy investments in security, almost every organization that we’ve worked with has been surprised by what Dtex finds after deployment.
The good news, however, is that more and more security professionals are recognizing that these vulnerabilities exist, and that recognition is the first step to addressing the problem head-on.
This year’s Insider Threat Intelligence Report confirms that knowledge, gained by true insight into user behavior, is essential. And once organizations understand their risks and their users, they can build a holistic security plan to address their greatest vulnerabilities, and equip their greatest assets (those users) to remain their greatest assets.
To see for yourself how insider threats presented in our assessed organizations, and get insights on how to address them — download the 2018 Insider Threat Intelligence Report here.