Image Credit: ipopba/getty

When it comes to data protection, the most serious threats often lie within your organization. Malicious or negligent employees can provide a simple entry point for threat actors to gain direct access to your most high-value data, as highlighted most recently by the Apple Car IP leak in August. 

To mark National Insider Threat Awareness Month, Cyberhaven today released a new report that examines proprietary data from 1.4 million workers and over 400,000 exfiltration incidents, and found that one in 10 employees will exfiltrate sensitive data in a six-month period. 

The research found that personal cloud storage accounts are the most common way for employees to leak IP data, with Dropbox being the most popular platform.  

Above all, Cyberhaven’s findings indicate that security leaders can’t afford to overlook the risk of employees leaking sensitive information, particularly amid the Great Resignation. 

Insider threats during the Great Resignation 

Throughout the COVID-19 pandemic, much has been made of the Great Resignation, which saw 47 million Americans quitting their jobs in 2021, and shows no signs of stopping, with 40% of U.S. workers currently considering quitting their jobs. 

This high turnover of employees means that enterprises can’t depend on employees to maintain the privacy of sensitive data, particularly if they plan to move to a new position. 

Cyberhaven’s research hints at this, finding that employees are much more likely to take sensitive information in the two weeks before they resign, with an 83.1% increase in incidents compared to baseline.

Going forward, enterprises can’t afford to underestimate the level of privilege and access to critical data assets that employees have, nor ignore the financial incentives they have to steal and sell IP data to cybercriminals.  

“Hackers may be trying to get companies’ sensitive data, but employees already have free and open access to it. When they take or leak that information (intentionally or not), it can cost companies hundreds of millions in lost IP and reputational damage. High-profile recent examples include Twitter, TikTok, Facebook, and even the U.S. Supreme Court,” said Howard Ting, Cyberhaven CEO. 

Mitigating insider risk and maintaining data protection

While it’s important to note that not all insider threats are malicious (sometimes employees make mistakes and share data on the wrong devices/services), security teams need to operate under the assumption that any employee can and will leak sensitive information. 

Perhaps the simplest answer to mitigating insider risk is to apply the principle of least privilege and only provide employees with access to the minimum data assets that they need to do their job. This means that if the individual decides to leak the information or someone hacks their account, only a small segment of information is exposed. 

Gartner (subscription required) recommends that organizations can make insider risk manageable by focusing on implementing the “rule of three.” Under the rule of three, risk management leaders must understand the threat actor (type), what they are trying to do (threat), and how they can mitigate the risk (goals). 

Briefly, the types are classified as careless users, malicious users, and compromised credentials. The threat activities are fraud, data theft and system sabotage, and the mitigation goals are to deter, detect and disrupt the threat actor.