95 Percent of Enterprises Found Employees Actively Seeking Ways to Bypass Corporate Security Protocols

In a recently released Insider Threat Intelligence Report from Dtex Systems, it was revealed that in a whopping 95% of organizations, employees are actively attempting to bypass the security protocols and procedures put in place to protect them.

This report is both scary and staggering – because it further reveals that:

employees were actively researching, installing or executing security or vulnerability testing tools in attempts to bypass corporate security. Additionally, they were more frequently using VPNs, TOR and other anonymity tools to bypass organizational security and web-browsing restrictions. This finding alone signals that employees are getting savvier when it comes to getting around productivity restraints imposed by security provisions.

“Some of the year’s largest reported breaches are a direct result of malicious insiders or insider negligence,” said Christy Wyatt, CEO at Dtex Systems. “With limited visibility into user risk, companies face unlimited exposure which can have heavy legal and/or financial implications. Organizations that actively monitor what’s happening on their endpoints and quickly act to address risks can protect their most important assets: their employees and their data.”

As a security consultancy and security solutions provider, we are constantly surprised at how many companies, especially in the SMB space, allow their users to install software. But perhaps worse still, we’ve found shadow-IT in companies, such as rogue Wi-Fi access points, and although we have yet to find a client where someone installed penetration testing devices, this report suggests it is only a matter of time before we run across that as well.

Reading a little further into the Dtex Systems report, we find some scarier statistics, which are not surprising to us:

  • People are the weakest security link — 60 percent of all attacks are carried out by insiders. 68 percent of all insider breaches are due to negligence, 22 percent are from malicious insiders and 10 percent are related to credential theft. Also, the current trend shows that the first and last two weeks of employment for employees are critical as 56 percent of organizations saw potential data theft from leaving or joining employees during those times.
  • Increased use of cloud services puts data at risk — 64 percent of enterprises assessed found corporate information on the web that was publicly accessible, due in part to the increase in cloud applications and services. To make matters worse, 87 percent of employees were using personal, web-based email on company devices. By completely removing data and activity from the control of corporate security teams, insiders are giving attackers direct access to corporate assets.
  • Inappropriate internet usage is driving risk — 59 percent of organizations analyzed experienced instances of employees accessing pornographic websites during the work day; 43 percent had users who were engaged in online gambling activities over corporate networks, which included playing the lottery and using Bitcoin to bet on sporting events. This type of user behavior is indicative of overall negligence and high-risk activities taking place.

The biggest takeaway from this report for us is that SMB security relies on two major factors:

  1. locking down permissions and security on the network, border (firewall), endpoints and servers
  2. visibility into new installations at the network and software levels, which is absolutely essential

Combine this with one overriding fact – if you don’t run business-grade tools, you have none of this.



A typical SMB that grew organically from a couple of employees to somewhere in the 5-50 range can fall foul of the ‘buy consumer security products – they are good enough’ mindset.

We have to tell you, they just are NOT good enough – not nearly good enough to let you know if your employees are doing something which can harm you or your company!

The good news is that when you purchase a solid set of security tools and set them up properly, your systems can notify you when a new device appears on the network, or when a new piece of software appears on a trusted employee’s desktop. But until you combine that with someone who monitors these alerts and checks their security implications, you just don’t know whether the person running your social networks has installed graphics editing software or a TOR browser to bypass the firewall.

As a minimum, stop giving end-users the ability to install software, and we recommend you have a proper firewall or UTM appliance, combined with a solid endpoint protection solution – preferably one which monitors installed software and allows you to lock down USB devices.

