What would you do if you knew you were leaving your job? Would you send company information to your personal email address? Would you go even further and delete files or change passwords? Well no, you personally wouldn’t do that of course. But, as it turns out, not everyone is like you.
During the recent Infosec Europe Conference in London we conducted a survey of more than 320 IT security professionals. Here’s what we learned. More than 1 in 10 security pros admitted they would take as much company information with them as possible before leaving their jobs. Perhaps they feel entitled to materials they created. Or maybe they’d want to abscond with customer data that would be priceless at their new gig.
But that wasn’t the biggest reveal. Here’s the stat that stood out. 15% of respondents confessed they would delete files or change passwords upon exiting their company. Could be they’d delete files out of malice for their employers. Maybe they would change passwords with the hope that they could still get into their old systems after leaving the company. Whatever the reason, the reality is that your company data is at risk from soon-to-be former employees.
These findings underscore the challenges of finding and stopping insider threats. For many organizations, concerns about cybersecurity begin and end with defending against external cyberattacks. However, many IT security experts consider insider threats to be more difficult to detect than external attacks, and generally much more damaging. According to Verizon’s 2019 Data Breach Investigations Report, more than one third of all cyberattacks last year involved internal actors.
The Insider threat is a serious problem simply because it comes from within the organization. Unlike external attackers, insiders already know where to find and access sensitive company data. Therefore, they know exactly where to strike if they decide to go rogue.
Within networks, identities and entitlements are often in a state of excess due to manual processes built upon static identity management rules and roles. So, it’s not uncommon for employees and contractors to have access to systems and applications that they don’t need for their jobs. These unsecured access rights can allow some employees to perform abusive actions, or accidentally make costly mistakes.
However, insider threats are not necessarily caused only by those within the organization. They can also occur when credentials of employees are shared or compromised. This account compromise security threat often goes undetected for lengthy periods of time.
Gurucul mitigates these risks with user and entity behavior analytics (UEBA) and identity analytics. Our customers can not only monitor, detect and remove excess access before it’s too late, they can also detect unusual or risky user behavior. By detecting when users are acting in ways that contradict their normal behavior and job function, our customers can intervene and prevent destructive actions.
Here’s one unexpected data point from the survey. Contrary to popular belief, 62% of people would not be deterred from taking a job from a company that utilizes user activity monitoring.
Workplace monitoring is often viewed as a spying tactic, taken up by paranoid or nosy employers to keep an eye on staff behavior. However, monitoring user behavior for the purpose of identifying unusual, risky actions is not the same as monitoring a particular employee to snoop on his Internet browsing history, for instance. Instead, user and entity behavior analytics is there to detect threats that would otherwise remain unknown. It’s encouraging that the information security professionals who completed the survey recognized this.
Insider threats are a serious cybersecurity problem for companies. They cause significant damage and are difficult to detect. With breakthroughs in behavior analytics powered by machine learning, it’s now possible to detect anomalous employee activities that are indicative of a security threat. By implementing Gurucul’s UEBA technology, companies can better protect themselves from the insider threat.
Learn more by downloading the whitepaper Uncover Insider Threats Through Predictive Security Analysis.