Insider threat blind spot enables employee revenge attacks

Based on threat assessments from global organizations in public and private sector industries, Dtex Systems determined there are active insider threats in all assessed organizations.

This is clear proof that none have been able to eliminate the insider threat blind spot. Failure to gain visibility is allowing malicious and negligent employees to engage in undetected high-risk activities on every endpoint, on and off the network. Malicious employees are users that intentionally harm their organizations through theft, sabotage, and blatant disregard for security policies and controls.

Negligent employees are users are often times trusted employees that hurt their organization due to a lack of awareness, error, or because they are left unprotected against attacks.

Key findings

• 78 percent of assessments found instances of company data that was accessible via the public web, which was caused by negligent employees’ improper use of Google Drive, Drobox, Box and other cloud apps; up 14 percent over last year.
• 60 percent of assessments identified instances of malicious employees using anonymous and VPN browsing to bypass security controls or to research how to bypass controls.
• 90 percent of assessments discovered that negligent employees were transferring company data to unencrypted and unauthorized USB devices.
• 91 percent of assessments recognized that negligent employees were expanding the phishing attack surface by accessing personal web mail accounts on company machines; a behavior that was up 4 percent over last year.
• 67 percent of assessments uncovered cases where malicious employees were visiting inappropriate and risky gaming, gambling and pornography websites; up 8 percent over last year.
• Assessments exposed a “revenge” attack, where a malicious employee filled out online forms with a senior staff member’s contact details, this caused the target’s inbox and phone to be overrun with nuisance emails and calls.

“While malicious users are always looking for new ways to defy security controls, not all internal risk comes from bad intent. Negligent employees don’t always understand when they are engaged in damaging activities. These trusted users can fall prey to bad actors looking to steal their credentials. The lack of visibility into all types of user behaviors is creating employee-driven vulnerability problems for every business,” said Christy Wyatt, CEO, Dtex Systems. “Organizations have to secure data, neutralize risky behaviors and protect trusted employees against attacks and their own errors. To accomplish all of this, they have to see how their people are behaving and have a mechanism that provides alerts when things are go wrong.”

To conduct the threat assessments covered in the report, Dtex analyzed anonymized data about user behaviors taking place on public and private sector organizations’ endpoints. The data was compared to more than 5,000 known bad-behavior patterns and then turned into intelligence that revealed where insider threat patterns were active.

Organizations examined are based in North America, South America, Asia Pacific and Europe. They included small, midsize and large multinational corporations in a wide range of industries: financial services, legal, technology, public sector, energy, retail, transportation, real estate, and pharmaceutical. Organizations reviewed span the small, mid-size and large categories. Some employ as few as 500, others more than 100,000.