Employees, MSPs and developers top third-party risks

Nearly a quarter (24%) of employees would steal company information to help apply for a position at a competitor, according to the latest Workplace behavior survey by security firm Gurucul.

The poll of 476 IT security professionals it conducted at Blackhat USA 2019 also found that 12% admitted to spending time at work looking for another job, and more than a quarter (27%) of those said they would take company data to apply at a competitor

Disgruntled employees are among the most common insider threat scenarios, the survey report said. “And it stands to reason that a great many disgruntled workers are looking for a new job. Common behaviours among such individuals include emailing large amounts of company data to their personal email accounts or downloading information on a flash drive to transfer to a personal computer.

“Unhappy employees with access to highly sensitive data are a particularly significant threat,” the survey report said.

The survey shows that after employees, managed service providers (34%) and developers (30%) pose the leading sources of third party risk, and that the most likely perpetrators of insider fraud are people working in the finance department (32%), followed by the c-suite (17%) and product development (16%).

Insider threats – whether they are malicious or accidental – are a serious cyber security problem for organisations, the report said, because they can cause significant damage and are often much more difficult to detect and prevent than external attacks.

The survey also shows that 44% of respondents spend at least one hour a day on non-work related web sites; that employees at larger organisations are more likely to browse the internet for fun while at work; and that browsing social media sites is the most popular non-work related online activity.

The report notes that while most instances of internet surfing at work are harmless diversions, increased surfing can lead to more incidents of insider threat mistakes.

In light of these risks, almost three quarters (74%) of respondents said they had tightened up third-party access in their organisations to reduce the likelihood of third-party data breaches, with 80% of respondents in the finance and retail sectors saying they had done so.

Securing third-party access is one of the best ways to protect against intentional or accidental data breaches, the report said, adding that organisations should strive to gain “granular control and insight” into the actions of their third-party suppliers and contractors.

“What these findings show is that insider fraud is a top concern among IT security professionals, as are the security risks associated with third parties that have privileged access to corporate resources,” said Craig Cooper, chief operating officer at Gurucul.

“Since detecting insider threats by employees and trusted third parties is the ultimate game of cat and mouse, many leading edge security organisations are using machine learning to compare the behaviour of all users against established baselines of ‘normal’ activity,” he said. “This allows them to identify anomalous events and spot outliers so they can remediate threats early on.”

Saryu Nayyar, CEO at Gurucul, said workplace monitoring is often viewed as a spying tactic used by “paranoid or nosy employers” to keep an eye on staff behaviour.

“But it depends on the type of monitoring being utilised,” she said. “Most employees recognise the importance of user behavior monitoring for preventing data breaches.”