Employees and contractors expose information online in 98 percent of organizations
Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint.
This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.
All of the assessments detected employees and contractors transferring confidential and sensitive data via unencrypted USB drives, personal email accounts, and cloud applications, an increase of 10 percent over 2018.
In addition 97 percent of assessments detected employees and contractors who were flight risks, a class of insider threat that often steals data and IP. This is an increase of 59 percent over 2018. 95 percent detected employees and contractors attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage, up 35 percent over 2018.
Employees and contractors were engaged in high-risk internet surfing in 76 percent of assessments, including visiting pornography, questionable gaming and gambling sites, up nine percent over 2018.
"Many organizations don't completely understand how the insider threat impacts their businesses. It's not just created by malicious actors like Edward Snowden, who are few and far between. The insider threat stretches across all employees, contractors or other third parties that have been granted or surreptitiously gained access to networks and who have the potential to place data and systems at risk," says Rajan Koo, Dtex VP of customer engineering and head of the insider threat analyst team. "Our annual insider threat intelligence report provides a valuable education on what the insider threat is, how it manifests, and how to detect it before it creates catastrophic circumstances."
The full report is available from the Dtex website.