A brand-new Insider Threat Report authored by Shareth Ben, director of insider threat and cyber threat analytics at Securonix has found that employees deemed “flight risks” are linked to around 60% of the insider threat incidents detected. Ben explained in the report that flight risks are those employees about to terminate employment with the company for various reasons and can be determined by Securonix’s advanced user behaviour analytics.
The Securonix Threat Research Team analysed hundreds of incidents across several industry verticals to expose the various types of behaviours that have been observed in the field and the detection techniques that have worked to detect such behaviours.
The report found that the exfiltration of sensitive data continues to be the most common insider threat caused by employees and contractors, followed by privileged account abuse.
And the exfiltration of that sensitive data happens most often over email, followed by web uploads to cloud storage sites, such as Dropbox etc.
Furthermore, the circumvention of IT controls is prevalent across all organisations and account sharing continues to be a huge problem for organisations, resulting in compliance, security hygiene issues, and, in some severe cases, leading to account compromise.
Also of note is that the work from home situation due to the recent COVID-19 pandemic has exacerbated the problem pertaining to data leaving the enterprise perimeter, which, Ben says, continues to become more porous.
The full report can be viewed here: https://www.securonix.com/resources/insider-threat-report-may-2020/