- A study conducted by Stanford University suggests that 97% of insider threat cases involve an employee whose suspicious behavior was flagged by a supervisor but the organization failed to act on it.
- A negative event at work, such as a demotion, termination, or dispute with a supervisor, accounts for 92% of insider threat cases.
- IT employees who lost their jobs take confidential and sensitive information with them. This accounts for 90%.
- Also, employees who leave voluntarily or involuntarily take confidential and sensitive information with them. This accounts for 59%.
- Most data exfiltration happens by means of email communication. 25% of employees have been seen using this method.
Some of the categories of activity linked to insider threats are as follows:
1. Personnel Management
- Performance reviews denied by managers
- Notice of resignation or termination
2. External Data
- Posts on social media
- Criminal records
- Financial duress
3. Physical Security
- Denied requests from an employee for various physical access
So how can we monitor such employees' behavior?
1. Compliance
- Monitor whether the employee is complying with all training requirements. Start with what is expected of the employee and what consequences will follow if company policy is violated.
2. Network Activity
- Monitor denied access requests
- Monitor excessive download activity
3. Data Exfiltration
- Attachments sent to non-office domains or suspicious recipients
- Removable storage use
- Spikes in outbound email traffic and firewall data
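
The two email checks in the data exfiltration list above can be sketched as follows. This is an added example, not code from the original post. The record layout, the office domain `example.com` and the spike threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from statistics import median

OFFICE_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
SPIKE_FACTOR = 5                  # assumption: alert above 5x the sender's median day

# Constructed sample records: (day, sender, recipient, attachment_bytes)
SAMPLE_LOG = [
    ("2024-03-01", "alice@example.com", "bob@example.com", 120_000),
    ("2024-03-02", "alice@example.com", "vendor@partner.test", 80_000),
    ("2024-03-03", "alice@example.com", "bob@example.com", 100_000),
    ("2024-03-04", "alice@example.com", "alice.home@webmail.test", 9_500_000),
    ("2024-03-01", "carol@example.com", "dave@example.com", 0),
    ("2024-03-04", "carol@example.com", "dave@example.com", 50_000),
]

def external_attachments(log, office_domains=OFFICE_DOMAINS):
    """Return records where an attachment was sent outside the office domains."""
    hits = []
    for day, sender, recipient, size in log:
        domain = recipient.rsplit("@", 1)[-1].lower()
        if size > 0 and domain not in office_domains:
            hits.append((day, sender, recipient, size))
    return hits

def outbound_spikes(log, factor=SPIKE_FACTOR, min_history=2):
    """Flag (sender, day, bytes) where a day exceeds factor x the median of prior days."""
    daily = defaultdict(lambda: defaultdict(int))
    for day, sender, _recipient, size in log:
        daily[sender][day] += size
    alerts = []
    for sender, per_day in daily.items():
        days = sorted(per_day)  # ISO dates sort chronologically
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # too little baseline to judge this sender yet
            baseline = median(history)
            # A zero baseline gives no usable ratio, so it is skipped here.
            if baseline > 0 and per_day[day] > factor * baseline:
                alerts.append((sender, day, per_day[day]))
    return alerts

if __name__ == "__main__":
    print(external_attachments(SAMPLE_LOG))
    print(outbound_spikes(SAMPLE_LOG))
```

A per-sender median is used as the baseline so that one earlier large send does not hide later ones; senders with fewer than two prior days of mail are not scored.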