Insider Threats: Understanding Risky User Behavior in the Workplace

Not every insider threat is malicious, but all of them are dangerous. It’s common to think of cyber threats as  normally originating from outside the organization. However, data breaches often stem from those on the inside – whether their actions are intentionally malicious or careless mistakes. To ensure that neither type of insider threat results in a catastrophic data breach, it’s essential to monitor the behavior of your employees, contractors and partners.

To gain a better understanding of risky user behavior in the workplace, Gurucul conducted a survey of 476  IT security professionals at Black Hat USA 2019. More than half of those canvassed work in organizations with at least 2,500 employees. The survey uncovered a number of common behaviors that could pose a security risk to organizations. One of the worst is the rather extraordinary length of time spent online for non-work related purposes.

Online Behavior at Work

We found that a quarter of people (28%) spend more than 2 hours a day surfing the web at work. That equates to 10 hours a week or 40 hours a month. In total, more than a fourth of all workers waste 3 months a year on non-work related web surfing. Consider it from this perspective: When you take the average US salary of $46,800 per year, that’s $11,800 a year that employers are unknowingly paying their staff to browse the web.

Social media is the biggest distraction in the workplace for most people. 32% admitted this is what they spent the most time on. That’s followed by 24% of people enjoying online shopping, 19% searching for vacations, and 13% watching sports. More than 1 in 10 people (12%) even said they spend time looking for a new job while at work.

Out of all industries, those in retail appear to have the most time on their hands. 32% of retail employees admitted to spending over two hours a day on the Internet for non-work related activities. That was twice as much time as their counterparts in the healthcare sector, with just 16%.

It was also interesting to note that the bigger the company, the easier it is to surf the net at work. 30% of people from companies employing more than 10,000 people admitted to surfing for at least two hours a day.

Workplace Behavior and Insider Threats

Many instances of Internet surfing at work are harmless diversions or much needed breaks. But, experience shows that online activities can lead to more cyberattacks, such as phishing scams, resulting in insider threat incidents.

Also consider that a classic insider threat scenario involves people taking company data when they leave their jobs. In this survey we wanted to look at that issue from another angle. We measured how many people would take company information to help apply for a position at a competitor. Nearly one fourth of all respondents (24%) replied that they would. We correlated this question with the question about how much time is spent online for non-work related issues. That showed us that 27% of people who said they look online for another job while at work, also admit they would take company data to apply at a competitor.

Disgruntled employees are one of the most common types of malicious insiders. And it stands to reason that many disgruntled workers want a new job. Typical behaviors among such individuals include emailing company data to personal email accounts or downloading information on to a flash drive to transfer to a personal computer. The stakes go higher when unhappy employees also have privileged access to highly sensitive data.

Detecting insider threats is a game of cat and mouse. Our Gurucul Risk Analytics platform monitors user and entity behavior, as well as access entitlements, to identify suspicious actions. Our machine learning algorithms can compare real-time behavior to previously baselined behavior. That allows our customers to identify trends and spot anomalous activities and risky user behavior (like the ones revealed in this survey) so that they can quickly remediate threats.

Learn More

Take a look at our survey report to get the details on risky user behavior, including stats about respondents’ attitudes toward third party threats and motivators for fraud. Get your full copy of the report here: Workplace Behavior Survey