Employees who plan to leave their jobs are made up of 60% of the causes of cybersecurity incidents

According to a study conducted by a company specializing in the development of security analysis and operations management platforms based on machine learning and sensitive data, security2Securonix, employees who are likely to be the cause of data leakage are usually those who are about to quit their jobs. The company's report, which was released last week on its "leak-risk" employees, which are one of the most serious internal threats to be taken seriously.

This article will also interest you: When employees acknowledge that they don't always follow the rules

Why are employees who are about to resign considered those who are at risk? Simply because they tend to change their behaviour as the period of their departure approaches. This kind of altitude was observed between 2 months and 2 weeks before the completion of the computer attack and the departure of the individual concerned.

In the organization of companies, employees and even often subcontractors have access to certain parts of the computer system. And Max and that can allow him to cause enormous damage, use confidential or sensitive information, or be the intentional or unintentional cause of a security breach. This is by downloading or using company resources through unlicensed and unauthorized services. This is exactly what happened to the cybersecurity firm Trend Micro, where a crooked employee allowed himself to hijack certain customer data of the security company for the purpose of selling or using it in targeted scams.

As a result, the above report noted that 60% of cybersecurity incidents, as well as the vast majority of data leaks experienced by companies, are generally due to "leak-risk" employees, either directly or indirectly. To complete its study, the cybersecurity company analyzed nearly 300 security incidents, observing in entirely different sectors, including finance, technology, information, pharmaceuticals, telecoms, manufacturing and distribution services and health.

Here's what's been identified:

– 62% of security incidents are usually related to data exfiltrations;

– 19% relates to abuse of privilege;

– 9.5% relates to cyberespionage;

– 5.1% comes from acts of infrastructure sabotage;

– 3.8% relates to circumventing information technology controls;

– Less than 1% are related to account sharing.

"The largest number of data exfiltration incidents was observed in pharmaceutical companies, followed very closely by financial institutions. Intellectual property continues to be of great value to the nation-state and corporate espionage, given the monetary gains and the acceleration of drug duplication on the market," says Securonix.

The study showed that in the industrial sector, internal computer incidents are usually caused by employees. In 80% of these cases. Employees try to leave with sensitive company information.

Among the most commonly used methods for getting sensitive data out of the company's systems are:

– Transferring corporate information to a private courier service. This constitutes 43.75% of cases;

– Excessive use of the privileges of cloud service collaboration, which makes up 10.71%;

– Data aggregation and downloads that make up 10% of exfiltration modes;

– The use of unauthorized and/or unencrypted removable storage equipment (8.93%);

– Spying via tools such as SharePoint (8.04%);

– Visiting external sites without precaution (6.25%);

– Emails sent to non-professional domains (3.57%);

– Emails sent to competing companies (2.68%).

"E-mail data exfiltration remains the number one leaking method, followed by the cloud and downloads, which continue to be a blind spot for many organizations. We expect there will be an increase in cloud-based exfiltration attempts and incidents in 2021 as cloud adoption continues to grow," notes Securonix. The cybersecurity firm will not add the following: "Logic comparators in union with the relative rarity algorithm are used to detect for the first time a number of users sending emails to an unknown non-professional email account or to a competing email domain, indicating an attempt to exfiltrate harmful data."

Now access an unlimited number of passwords: