SYS-CON MEDIA Authors: Pat Romanski, Liz McMillan, Yeshim Deniz, Elizabeth White, Courtney Abud

News Feed Item

100 Percent of Organizations have Active Insider Threats, Dtex Systems' Research Shows

Failure to eliminate insider threat blind spot leads to rising sensitive data exposure rates on the public web, email and phone revenge attack, more visits to high-risk websites, and leaves trusted employees vulnerable to attacks

SAN JOSE, Calif., May 15, 2018 /PRNewswire/ -- Dtex Systems, a leader in user behavior intelligence and insider threat detection, today announced availability of its 2018 Insider Threat Intelligence Report. Findings are based on threat assessments from global organizations in public and private sector industries.

Dtex Systems Logo (PRNewsfoto/Dtex Systems)

Dtex found active insider threats in all assessed organizations. This is clear proof that no businesses have been able to eliminate the insider threat blind spot. Failure to gain visibility is allowing malicious and negligent employees to engage in undetected high-risk activities on every endpoint, on and off the network. Malicious employees are users that intentionally harm their organizations through theft, sabotage, and blatant disregard for security policies and controls. Negligent employees are often times trusted users that hurt their organizations due to a lack of awareness, error, or because they are not defended against attacks.

Key findings include:

  • 78 percent of assessments found instances of company data that was accessible via the public web, which was caused by negligent employees' improper use of Google Drive, Dropbox, Box and other cloud apps; up 14 percent over last year
  • 60 percent of assessments identified instances of malicious employees using private, anonymous or VPN browsing to bypass security controls or to research how to bypass controls.
  • 90 percent of assessments discovered that negligent employees were transferring company data to unencrypted and unauthorized USB devices.
  • 91 percent of assessments recognized that negligent employees were expanding the phishing attack surface by accessing personal web mail accounts on company machines; a behavior that was up 4 percent over last year.
  • 67 percent of assessments uncovered cases where malicious employees were visiting inappropriate and risky gaming, gambling and pornography websites; up 8 percent over last year.
  • An assessment exposed a "revenge" attack, where a malicious employee filled out online forms with a senior staff member's contact details, this caused the target's inbox and phone to be overrun with nuisance emails and calls.

To conduct the threat assessments covered in the report, Dtex analyzed anonymized data about user behaviors taking place on public and private sector organizations' endpoints. The data was compared to more than 5,000 known bad-behavior patterns and then turned into intelligence that revealed where insider threat patterns were active. Organizations examined are based in North America, South America and Europe. They included small, midsize and large multinational corporations in a wide range of industries: financial services, legal, technology, public sector, energy, retail, transportation, real estate, and pharmaceutical. Organizations reviewed span the small, mid-size and large categories. Some employ as few as 500, others more than 100,000. To access the full report visit: https://dtexsystems.com/2018-insider-threat-intelligence-report  

Supporting Quotes
"While malicious users are always looking for new ways to defy security controls, not all internal risk comes from bad intent. Trusted employees don't always understand when they are engaged in damaging activities and can fall prey to bad actors looking to steal their credentials. The lack of visibility into all types of user behaviors is creating employee-driven vulnerability problems for every business," said Christy Wyatt, CEO, Dtex Systems. "Organizations have to secure data, neutralize risky behaviors and protect trusted employees against attacks and their own errors. To accomplish all of this, they have to see how their people are behaving and have a mechanism that provides alerts when things go wrong."

"Organizations come to us because they know their employees are engaged in risky behaviors. They usually have no clue of how wide spread these activities are until after we eliminate the insider threat blind spot for them," said Rajan Koo, vice president of customer engineering and lead threat researcher. "After we provide them with intelligence that shows them where risk exists, they are able to take steps to mitigate situations before they worsen."

"Business needs to get out of the cybersecurity denial phase it is stuck in. To do this, it must accept that it needs more visibility into what's going on in its environment," said IT-Harvest Chief Research Analyst and Charles Stuart University Lecturer Richard Stiennon. "This report is a needed reminder of just how oblivious organizations are to high-risk activities that lead to things like data breaches, ransomware attacks and IP theft."

Follow Dtex on Twitter: https://twitter.com/DtexSystems  
Join Dtex on LinkedIn: https://www.linkedin.com/company-beta/113769/ 
Like Dtex on Facebook: https://www.facebook.com/Dtex-Systems-297181017056254 

About Dtex Systems
Dtex Systems arms enterprises across the globe with revolutionary technology to protect against user threats, data breaches, and outsider infiltration. As the only solution combining unparalleled endpoint visibility with advanced analytics, Dtex is able to pinpoint threats with greater accuracy than traditional security methods without adversely impacting user productivity. To learn more, visit www.dtexsystems.com.

 

Cision View original content with multimedia:http://www.prnewswire.com/news-releases/100-percent-of-organizations-have-active-insider-threats-dtex-systems-research-shows-300648256.html

SOURCE Dtex Systems

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, John Jelinek IV, a web developer at Linux Academy, will discuss why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers...
Using serverless computing has a number of obvious benefits over traditional application infrastructure - you pay only for what you use, scale up or down immediately to match supply with demand, and avoid operating any server infrastructure at all. However, implementing maintainable and scalable applications using serverless computing services like AWS Lambda poses a number of challenges. The absence of long-lived, user-managed servers means that states cannot be maintained by the service. Lo...
With the new Kubernetes offering, ClearDATA solves one of the largest challenges in healthcare IT around time-to-deployment. Using ClearDATA's Automated Safeguards for Kubernetes, healthcare organizations have access to the container orchestration to dynamically deploy new containers on demand, monitor the health of each container for threats and seamlessly roll back faulty application updates to a previous version, avoid system-wide downtime and ensure secure continuous access to patient data.
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web. With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support. Leadin...
With the rise of Docker, Kubernetes, and other container technologies, the growth of microservices has skyrocketed among dev teams looking to innovate on a faster release cycle. This has enabled teams to finally realize their DevOps goals to ship and iterate quickly in a continuous delivery model. Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. However, without the right foresight, DevOps and IT teams may lo...
Platform9, the open-source-as-a-service company making cloud infrastructure easy, today announced the general availability of its Managed Kubernetes service, the industry's first infrastructure-agnostic, SaaS-managed offering. Unlike legacy software distribution models, Managed Kubernetes is deployed and managed entirely as a SaaS solution, across on-premises and public cloud infrastructure. The company also introduced Fission, a new, open source, serverless framework built on Kubernetes. These ...
Emil Sayegh is an early pioneer of cloud computing and is recognized as one of the industry's true veterans. A cloud visionary, he is credited with launching and leading the cloud computing and hosting businesses for HP, Rackspace, and Codero. Emil built the Rackspace cloud business while serving as the company's GM of the Cloud Computing Division. Earlier at Rackspace he served as VP of the Product Group and launched the company's private cloud and hosted exchange services. He later moved o...
As you know, enterprise IT conversation over the past year have often centered upon the open-source Kubernetes container orchestration system. In fact, Kubernetes has emerged as the key technology -- and even primary platform -- of cloud migrations for a wide variety of organizations. Kubernetes is critical to forward-looking enterprises that continue to push their IT infrastructures toward maximum functionality, scalability, and flexibility. As they do so, IT professionals are also embr...
Kubernetes is a new and revolutionary open-sourced system for managing containers across multiple hosts in a cluster. Ansible is a simple IT automation tool for just about any requirement for reproducible environments. In his session at @DevOpsSummit at 18th Cloud Expo, Patrick Galbraith, a principal engineer at HPE, will discuss how to build a fully functional Kubernetes cluster on a number of virtual machines or bare-metal hosts. Also included will be a brief demonstration of running a Galer...
DevOps is under attack because developers don’t want to mess with infrastructure. They will happily own their code into production, but want to use platforms instead of raw automation. That’s changing the landscape that we understand as DevOps with both architecture concepts (CloudNative) and process redefinition (SRE). Rob Hirschfeld’s recent work in Kubernetes operations has led to the conclusion that containers and related platforms have changed the way we should be thinking about DevOps and...
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing, telco, healthcare, transportation, energy, media, entertainment, retail and other consumer industries, as well as the public sector. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that pro...
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
Technology has changed tremendously in the last 20 years. From onion architectures to APIs to microservices to cloud and containers, the technology artifacts shipped by teams has changed. And that's not all - roles have changed too. Functional silos have been replaced by cross-functional teams, the skill sets people need to have has been redefined and the tools and approaches for how software is developed and delivered has transformed. When we move from highly defined rigid roles and systems to ...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It's clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Th...
xMatters helps enterprises prevent, manage and resolve IT incidents. xMatters industry-leading Service Availability platform prevents IT issues from becoming big business problems. Large enterprises, small workgroups, and innovative DevOps teams rely on its proactive issue resolution service to maintain operational visibility and control in today's highly-fragmented IT environment. xMatters provides toolchain integrations to hundreds of IT management, security and DevOps tools. xMatters is the ...