The majority of risk assessments examined in a recent insider threat report spotted users who tried to bypass their employer’s security measures using private or anonymous browsing.

Researchers analyzed user threat assessments performed on customers and prospective clients across the globe and found that 60 percent identified such behavior. These analyses provided insight into the types of user actions that put enterprise data at the greatest risk.

Risk Assessments Identify Insider Threats

The report identified malicious users as a “traditional” type of insider threat. After analyzing multiple types of activity, the researchers singled out attempts to bypass company security as the most reliable way to confirm that a user action is malicious.

Other indicators of bad intent included employees’ use of “high-risk applications,” such as PowerShell and uTorrent, and the use of the web for inappropriate purposes, such as gaming and gambling. These factors came in at 72 percent and 67 percent of risk assessments, respectively, according to Dtex Systems’ “2018 Insider Threat Intelligence Report.”

Even so, the security firm noted that negligent insiders tend to be far more common than malicious ones. The authors explained that this type of negligence-based incident can take the form of users downloading risky applications or pirated media due to lack of security awareness. The report also found that companies themselves can create insider threats by leaving data publicly exposed in the cloud (78 percent of risk assessments) or transferring data to unencrypted USB devices (90 percent of risk assessments).

Spotting Risky Behavior

Dtex CEO Christy Wyatt offered some advice to help organizations protect themselves against insider threats.

“Organizations have to secure data, neutralize risky behaviors, and protect trusted employees against attacks and their own errors,” she said. “To accomplish all of this, they have to see how their people are behaving and have a mechanism that provides alerts when things are go wrong.”

Consistent with Wyatt’s advice, the authors of the report advised organizations to create a defense-in-depth strategy that emphasizes visibility into suspicious actions, such as when employees take their devices off the corporate network.

More from

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates.Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?[button link="https://community.ibm.com/community/user/security/events/event-description?CalendarEventKey=8d7fdc61-97bf-43b0-b7d6-018756e436a6&CommunityKey=aa1a6549-4b51-421a-9c67-6dd41e65ef85&Home=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2frecent-community-events"…

3 min read

Protecting Against Remote Monitoring and Management Phishing

3 min read - You use remote monitoring and management (RMM) software to closely monitor your cyber environment and keep your organization safe. But now cyber criminals are specifically targeting these tools, causing legitimate software to become a vulnerability. This is the latest type of attack in an increase in a recent trend of disruptive software supply chain attacks. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert about the malicious use of legitimate remote monitoring and management (RMM) software. Last fall,…

3 min read

Secure-by-Design: Which Comes First, Code or Security?

4 min read - For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable to attack. While advocates for speed and security clash, consumers must often pay the price when threat actors strike. 48% of developers admitted they were still shipping code with vulnerabilities in 2022. It’s clearly time for a change. Many believe…

4 min read

ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

7 min read - In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10's tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. The initial delivery method is conducted via a LNK file, which drops two Windows shortcut files containing obfuscated PowerShell scripts in charge of downloading a…

7 min read