According to a report released today by Gurucul, a leader in unified security and risk analytics technology for on-premises and the cloud, 65 per cent of nearly 300 international cybersecurity professionals surveyed at RSA Conference 2020 admit to having accessed company documents that have nothing to do with their job role.
The survey was conducted to gauge how common insider threat behaviour is among IT security professional who are most attuned to the cyber threats facing organisations. Insider threats are more difficult to detect and prevent than traditional outsider attacks, therefore this research is an important step in terms of understanding and averting insider attacks.
Broken down across a range of industries and company sizes, some other interesting highlights include:
- In finance, 58 per cent said they have emailed company documents to their personal accounts.
- In healthcare, 33 per cent have abused their privileged access.
- In retail, 86 per cent have clicked on a link in an email from someone they didn’t know.
- In midsize companies, 62 per cent did not alert IT when their job role had changed
This showcases the problems organisations have with employees behaving outside of the bounds of practical and published security policies. The human element is often the deciding factor in how data breaches occur. Monitoring and deterring risky employee behaviour with machine learning based security analytics is the most effective measure in keeping mayhem to a minimum. People may not realise their behaviour in opening the door to cyber criminals, which is why security analytics technology is so critical to maintaining a secure corporate environment.
A full copy of the report is available here: https://gurucul.com/2020-rsa-conference-survey-whats-your-risk-score