Employees are actively circumventing corporate security protocols, new research found.
Why did the employees break from security protocol? The Dtex Systems report found 59 percent of employees accessed pornographic websites during the work day and 43 percent of companies had users engaged in online gambling activities over corporate networks.
While inappropriate Internet use was to blame some of the breaches in security protocol, malicious threats were also responsible for some of the unauthorized activity, according to the Dtex Systems Insider Threat Intelligence Report.
The report also found 60 percent of all attacks end up carried out by insiders and 68 percent of all insider breaches were due to simple negligence, while 22 percent were from malicious activity by a staffer and 10 percent related to credential theft.
Employers should also be careful during the first and last two weeks of a person’s employment as this is when 56 percent of organizations saw potential data theft take place from leaving or joining employees during those times.
“Some of the year’s largest reported breaches are a direct result of malicious insiders or insider negligence,” said Christy Wyatt, Dtex Systems chief executive. “With limited visibility into user risk, companies face unlimited exposure which can have heavy legal and/or financial implications.”
It is vital to understand when some employees start bypassing security protocols the workers then often tell colleagues who proceed to bypass the same protocols.
“A commonality among the organizations assessed is that they are often unprepared to manage the security risks that surface when they have holistic visibility into employee endpoints on and off the corporate network,” said Rajan Koo, senior vice president for customer engineering at Dtex Systems.
To help reduce the impact of insider threats, the report provided guidance on how enterprise security teams can minimize security risks by taking the following key steps:
• Improve on- and off-network visibility into user behavior; users generally look to conduct risky business on corporate systems while off the corporate network.
• Increase visibility over tools prone to credential theft.
• Pay attention to employees and contractors who have joined or are planning to leave the company. Employees planning to depart an organization often work over a period of time to ready data for exfiltration, giving security teams an opportunity to intercede.
• Pay attention to employees who violate company policy. These incidents are often indicators of risk-takers.
• Leverage lightweight, scalable solutions that enable broad visibility. Heavy legacy solutions that cost network and endpoint performance often provide overwhelming reams of data but little visibility into user behavior trends and actionable insights, and are generally used to monitor only a subset of the population.
• Close the skills gap by providing ongoing training to security teams as well as employees on rapid detection and risky user behavior.
• Focus on the point closest to the user – the endpoint – where you will get the most visibility into user risk.
• Remain vigilant to anomalous behavior from employees. If an employee’s behavior deviates from the norm (i.e. suddenly downloading a large number of files), it could indicate that that employee is planning to exfiltrate sensitive data from the company.