Employees or contractors identified as a “flight risk” are linked to 60% of insider threat cases, increasing the likelihood that such incidents will involve theft of sensitive corporate data, according to Securonix.
The vendor’s 2020 Securonix Insider Threat Report was distilled from over 300 real-life insider incidents across multiple sectors.
It revealed that over 80% of staff members deemed likely to terminate their employment will take data with them, anywhere between two weeks and two months before they leave. Flight risk can be determined from web browsing and email behavior, Securonix said.
Unsurprisingly, therefore, data exfiltration is the number one insider threat, with email the most popular vector for data loss, followed by web uploads and cloud storage sites.
Account sharing and shadow IT, especially the prevalence of cloud collaboration tools, are compounding the problem for IT security operations teams, the report claimed.
“Data aggregation and snooping of sensitive data is still prominent in most organizations, however tools to detect such behavior still lag behind. This is primarily due to organizations struggling to classify data that is deemed sensitive, combined with data being vastly distributed across networks and systems,” it explained.
“The circumvention of IT controls is prevalent across all organizations. IT security operations teams, especially ones from large enterprises, are finding it difficult to draw conclusions about such incidents mostly due to lack of, or differences between, policies and procedures for each line of business.”
Pharmaceutical firms accounted for the largest number of data exfiltration incidents analyzed by Securonix, which is understandable considering the highly sensitive IP handled by these organizations.
Behavioral analytics were used most often to detect abnormal user behavior and flag violations.
However, data theft is only one of many risks posed by employees. Many of these stem from negligence rather than deliberate malice. Human error, including misconfiguration of cloud systems and misdelivery of emails, accounted for 22% of breaches analyzed by Verizon in its latest report.