Code42, the leader in insider threat detection, investigation and response, released its 2020 Data Exposure Report on insider threat. The study found that cloud-based collaboration technologies and workforce turnover have become major drivers of data exfiltration as insider threat programs fail to keep pace with today’s digital workplace. Code42 surveyed nearly 5,000 knowledge workers at companies with more than 1,000 employees in the U.S., U.K. and Germany.
“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42’s president and CEO. “Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organization is busy sharing.”
Workers Opt for Unsanctioned Collaboration Tools to Share Company Files
Cloud-based collaboration tools have changed the workplace. As part of their regular work routines, employees are emailing, airdropping, messaging and slacking from desktops, mobile devices, on the road and in coffee shops. According to the report, workers routinely use both authorized and unauthorized cloud-based platforms to share files and ideas with colleagues. They sidestep sanctioned tools because they believe they are too complicated, restrictive and slow—or don’t have enough features.
The study found:
- The leading corporate standards for file sharing and collaboration include email (34%), Microsoft Sharepoint (26%), Microsoft OneDrive (23%) and Google Drive (19%)
- WhatsApp (34%), Google Drive (30%), Facebook (29%) and personal email (26%) are the most commonly-used unauthorized platforms for sharing files with colleagues
- Thirty-seven percent (37%) of workers use unauthorized apps daily while 26% use them weekly to share files with colleagues
Collaboration Tools Rated Among Top Vectors for Data Exfiltration
While technology has made it easy for employees to share files legitimately via personal email and the cloud, it’s also made it easier for them to exfiltrate — or even infiltrate — data like product ideas, source code and customer lists. The risk of insider threat incidents is heightened because the very tools that workers use to collaborate are some of the most popular vectors for data exfiltration.
The study found:
- More than one-third (36%) of workers believe that the increased emphasis on file sharing has made them more complacent about data security
- Workers move data from one organization to another using email (38%), print hard copies (37%), external devices (35%), cloud collaboration platforms (31%) and browser uploads (26%)
- Nearly three-fourths (73%) of employees report they have access to data they didn’t create; 69% can view data they didn’t contribute to; and 59% can see data from other departments
Insider Threat Programs Earn a Failing Mark as Workers Change Jobs
The simple act of changing jobs can tempt employees to take company data — and workers are changing jobs more frequently than ever. Security teams continue to grapple with how to effectively deal with data theft and misuse — whether accidental or intentional — when employees depart. As workers move from company to company, they admit that they have not only taken data with them, they have done it more than once. The consequences of this behavior are even more damaging to a business when workers take data from a former employer and go to work for a competitor. According to the research, both former and new employers do little to stop data theft by transitioning employees.
Key findings said:
- 51% of the workers surveyed believe that the risk to corporate data when employees depart is bigger than organizations think
- Two-thirds (63%) of respondents who said they have taken data are repeat offenders
- Nearly nine out of ten (87%) of employees report that no one ever approached them from their former employer to verify that they hadn’t taken data
- Three-fourths (75%) of respondents say that their new employer did not ask them if they had brought data from their previous employer
- One-third (32%) of respondents who had infiltrated data were encouraged by their new employers to share it with new colleagues
“Without the ability to detect and investigate file movement both inside and outside company walls, insider threat programs are leaving data more vulnerable and security teams flying blind,” said Jadee Hanson, chief information security officer and vice president of information systems for Code42. “There’s a gap in the protection stack. Security teams need to reassess their solutions. This starts with an insider threat program that provides complete data visibility — from who has data access, to where data lives and moves.”
For more details, download a free copy of the 2020 Data Exposure Report here. To learn more about how to detect, investigate and respond to insider threats, visit the Code42 website or the Code42 booth N-6079 at RSA 2020.