August Newsletter 2019

Quote of the Month

A quarter of people spend over 2 hours a day browsing the web while at work, equating to 10 hours a week and a mind-blowing 40 hours a month.”

The Gurucul Workplace Behavior Survey


The Backstory

Earlier this month Gurucul was a sponsor and exhibitor at Black Hat USA 2019. As always, it was great to meet with IT security pros from around the world to learn more about the challenges they face, and discuss how our security analytics platform can meet many of today’s most pressing cybersecurity threats.

We also took the occasion of Black Hat this year to conduct a survey of attendees. Over the course of two days we canvassed 476 people – more than half of whom work in organizations with at least 2,500 employees. We wanted to gain a better sense of people’s behavior in the workplace that could pose a cybersecurity risk to organizations. We uncovered some eye-popping results, starting with the extraordinary length of time employees spend online for non-work related purposes.

We found that a quarter of people (28%) spend more than 2 hours a day browsing the web while at work for personal use. That equates to 10 hours a week or 40 hours a month. In total, more than a fourth of all workers waste 3 months a year on non-work related web surfing. When you take the average US salary of $46,800 per year, that’s $11,800 a year that employers are unknowingly paying their staff to browse the web.

Social media is the biggest distraction in the workplace for most people. 32% admitted this is what they spent the most time on. That’s followed by 24% of people enjoying online shopping, 19% searching for vacations, and 13% watching sports. More than 1 in 10 people (12%) even admitted to looking for a new job while at work.

Out of all the industries, those in retail appeared to have the most time on their hands. 32% of retail employees said they spend over two hours a day browsing the web while at work. That was twice as much time as their counterparts in the healthcare sector, at just 16%.

It was also interesting to note that the bigger the company, the easier it was to surf the net at work. 30% of people from companies employing more than 10,000 people copped to surfing for fun at least two hours a day.

Workplace Behavior and Insider Threats

Many instances of Internet surfing at work are harmless diversions or much needed breaks. But, experience shows that online activities can lead to more cyberattacks, such as phishing scams, resulting in instances of insider threat incidents.

Also consider that a classic insider threat scenario involves people taking company data when they leave their jobs. In this survey we wanted to look at another angle of this issue. We measured how many people would take company information to help apply for a position at a competitor. Nearly one fourth of all respondents (24%) replied that they would. Correlating this question with the question about how much time is spent online for non-work related issues revealed that 27% of people who said they look online for another job while at work, also admit they would take company data to apply at a competitor.

Disgruntled employees are one of the most common types of malicious insiders. And it stands to reason that many frustrated workers want a new job. Typical behaviors among such individuals include emailing company data to personal email accounts or downloading information onto a flash drive to transfer to a personal computer. The stakes go higher when unhappy employees also have privileged access to highly sensitive data.

Other topics explored in the survey were the motivations for fraudulent acts and third party access risks. The survey found that managed service providers (34%) and developers (30%) are the leading sources of third party risk. Third parties – whether they’re a supplier, an external developer, a service contractor or someone else – are a serious, though sometimes underestimated, threat. Most businesses rely on at least some third party workers, and these third parties usually have access to critical systems.

Businesses are increasingly migrating their IT and cybersecurity operations to MSPs, which are likely to have privileged access into systems with sensitive data. Knowing what these MSPs are doing with that elevated access is a security imperative. It’s also essential for businesses to establish a clear understanding of the responsibilities for cybersecurity between themselves and their MSPs.

As for fraud, it seems that if someone was to commit a fraudulent act it would most likely occur in the finance department (32%). After finance, the second most common response was the C-suite (17%). That stands to reason considering that C-level executives are often targets of fraud and cyberattacks (particularly phishing) due to the insider knowledge they possess. Also, not surprisingly, money is overwhelmingly seen as the primary motivation for committing fraudulent acts at 53% of responses.

The Gurucul Solution

Detecting insider threats is a game of cat and mouse. Our Gurucul Risk Analytics platform monitors user and entity behaviour as well as access and entitlements to identify suspicious actions. Our machine learning algorithms can compare real-time behavior to previously baselined behavior. That allows our customers to identify trends and spot anomalous activities (like the ones revealed in this survey) so that they can quickly remediate threats.

Get The Workplace Behavior Survey Report

Take a look at our survey report to get the details. Get your full copy of the report here: Workplace Behavior Survey.

Download Now

The Benefits of Putting Security in Network Behavior Analytics

Network Behavior Analytics Whitepaper

Gurucul CEO Saryu Nayyar explains how network behavior analytics technology provides deep visibility into unknown and undetected threats based on the abnormal behavior on an enterprise network.

Enterprise networks are experiencing massive change, with cloud, IoT, and mobility, causing legacy perimeters to transition from private networks, to borderless infrastructures. Meanwhile, adversaries are using resourcefulness and perseverance to overcome legacy defenses to get a foothold inside the organization. Once there, assets are at risk and its a race against time to weed-out attackers’ footprints from the massive amount of data being generated in a typical corporate network.Network Behavior Analytics is the Next-Generation Defense


Ransomware and Medical Devices: How Behavior Analytics Can Protect Patients

Network Behavior Analytics Whitepaper

Medical devices must be managed from a security perspective, but also from an IT operational perspective explains Gurucul customer William Scandrett, CISO of Allina Health.

From a cybersecurity perspective, I believe the healthcare industry is in a growing medical device crisis. The emerging trend of ransomware attacks on medical devices has created serious vulnerabilities in healthcare security.

Ransomware threats, and their implications for medical devices, center around the wide adoption of easily compromised operating systems on these devices, creating a growing vulnerability with potentially life-threatening ramifications. And what many people may not know is that ransomware attacks on medical devices have already occurred.Network Behavior Analytics is the Next-Generation Defense


In the News


What’s New On Our Blog

Detect Call Center Fraud with Security Analytics Detect Call Center Fraud with Security Analytics. Enterprise fraud management platforms have been around for years. But many legacy solutions cannot make critical data associations and identify anomalous behaviors. Recent advancements in a range of technologies from Big Data to machine learning have come together in Gurucul Fraud Analytics. Read More.
ABCs of UEBA: J is for JSON. ABCs of UEBA: J is for JSON. A mature User and Entity Behavior Analytics (UEBA) solution integrates with as many of your enterprise applications as possible. You want to ingest data feeds from applications, infrastructure (Systems, AD/LDAP, Devices, etc.), and cyber security feeds (threat intelligence, DLP, Firewall, etc.). Read More.
How to Practice Cyber Safety on Social Media as an Industry Professional How to Practice Cyber Safety on Social Media as an Industry Professional. In today’s digital age, almost every security tradeshow, convention, and summit has some kind of social media branding around the event. Similarly, almost all the companies, vendors, and exhibitors execute a social campaign. However, a good amount of security professionals will have no idea about this because they don’t partake in social networking. Why? Read More.
Detect Unknown Cyber Threats with Network Traffic Analysis Detect Unknown Cyber Threats with Network Traffic Analysis. This technology applies behavioral analysis to network traffic to detect suspicious activities that most security tools miss – those unknown unknowns. Read More.

 


Join Us

FS-ISAC 2019 Americas Fall Summit. November 17-20, 2019. Washington, DC. Join Gurucul at this event for actionable information on how to address evolving threats, develop new strategies and meet changing regulations.

Health-ISAC 2019 Fall Summit. December 2-6, 2019. San Diego, CA. Up your game with Gurucul! We offer Behavior Based Security Analytics and Intelligence to predict, detect and stop insider threats, healthcare provider fraud, and consumer fraud.

Share this page: