Exposure of sensitive data via cloud applications and services increases 20%

To identify top threats, the Dtex researchers collected and analyzed information from work-issued endpoints across more than 300,000 user accounts. Proprietary, cloud and personal accounts such as email were included in the total. Assessed organizations spanned multiple industries across North America, Europe (EMEA) and the Asia Pacific Region (APAC).

The results are available in the Dtex 2019 Insider Threat Intelligence Report released by Dtex Systems. Among the top insider threat trends identified:

• 98% of assessments discovered sensitive and confidential information exposed and available online and in the cloud; found primarily in Dropbox, Google G Suite, and Microsoft Office 365. This was an increase of 20% over 2018.
• 100% of assessments detected sensitive and confidential data transfers taking place via unencrypted and encrypted USB drives, personal email accounts, and cloud applications. This was an increase of 10% over 2018, which looked at transfer via unencrypted USBs only.
• 97% of assessments detected employees who were flight risks, a class of insider threat that often steals data and IP. This was an increase of 59% over 2018.
• 95% of assessments detected employees attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage. This was an increase of 35% over 2018.
• 76% of assessments detected employees engaged in high-risk internet surfing, including visiting pornography, questionable gaming and gambling sites. This was an increase of 9% over 2018.

“Many organizations don’t completely understand how the insider threat impacts their businesses. It’s not just created by malicious actors like Edward Snowden, who are few and far between. The insider threat stretches across all employees, contractors or other third parties that have been granted or surreptitiously gained access to networks and who have the potential to place data and systems at risk,” said Rajan Koo, Dtex VP of customer engineering and head of the insider threat analyst team. “Our annual insider threat intelligence report provides a valuable education on what the insider threat is, how it manifests, and how to detect it before it creates catastrophic circumstances.”