When insiders attack a company, with the intent of stealing sensitive data, there are a few steps they (usually) take. With this pattern of behavior being similar for most attackers, companies could be able to spot an imminent attack, if they could spot some of these patterns.
However, in most cases, they’re not really good at it.
This is according to a new report from workforce security firm DTEX, which says there are three steps leading up to an attack – reconnaissance, circumvention, and data aggregation.
Polling 1,249 IT and IT security professionals in North America, Western Europe and Australia/New Zealand, the report found nearly half can’t prevent an insider attack at the first two stages, while more than half (53 percent) can’t do it while data is being aggregated.
The third one is also a “key indicator” that there’s a data exfiltration attack at hand.
Consequently, less than a third (32 percent) of companies feel confident in their ability to prevent sensitive information from leaking.
All of this, the report further argues, is happening because businesses don’t have effective monitoring controls and practices set up. In 15 percent of cases, no one at the firm has the ultimate authority and responsibility for controlling and mitigating workforce risks.
“Our findings indicate that in order to fully understand any insider incident, visibility into the nuance and sequence of human behavior is pivotal,” said Rajan Koo, chief customer officer at DTEX Systems. “Organizations need to take a human approach to understanding and detecting insider threats, as human elements are at the heart of these risks,” he added.