Slashdot Mirror


Employees and Contractors Expose Information Online in 98 Percent of Organizations (betanews.com)

An anonymous reader shares a report: Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint. This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.

All of the assessments detected employees and contractors transferring confidential and sensitive data via unencrypted USB drives, personal email accounts, and cloud applications, an increase of 10 percent over 2018. In addition 97 percent of assessments detected employees and contractors who were flight risks, a class of insider threat that often steals data and IP. This is an increase of 59 percent over 2018. 95 percent detected employees and contractors attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage, up 35 percent over 2018.

33 comments

  1. Not a big deal by rsilvergun · · Score: 1

    if this just includes whenever somebody Googles something. Sooner or later you're bound to accidentally google an account number, customer name or phone #. Google has long since switched to HTTPS making this relatively harmless. The worst is that Google has seen something they shouldn't have.

    I will say programmers need to be more careful what they post to Github. I can't tell you the number of times I've seen passwords for ERP systems, payment systems and the whole shebang in a bloody public Github account. Those contractors are cheaper than FTEs for a reason.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Not a big deal by Anonymous Coward · · Score: 0

      The elephant in the cloud = AWS / other unsecured buckets of morsels. See : Ring security videos in Ukraine in realtime.

    2. Re: Not a big deal by Anonymous Coward · · Score: 0

      Well, they are not easy to read. It's not like somebody conveniently formats everything with field names, values, documentation etc. 95% of the time.

    3. Re: Not a big deal by Anonymous Coward · · Score: 0

      Wow, you're so filled with hate. I feel sorry for you.

      Not because of the hate, but because of how stupid you must be. I'm a programmer, I work in Silicon Valley, I know plenty of Hindus. Most of them are smarter than you, and that's why they got the job and you didn't.

      But guess what, I don't hate any of them. Because I'm as smart as they are, and I get great work and make incredible money. So I have no problem with immigrants and H1B programmers participating in our economy and making our country stronger.

      Btw, they also probably have bigger penises than you, judging by your insecurity.

    4. Re: Not a big deal by Anonymous Coward · · Score: 0

      Look Who's Back! Found Hitler! Apparently he's become obsessed with American space exploration now. Never knew the bastard had a measurable penis. Hopefully he doesn't reproduce! The More You Know*

  2. News @11 by IMightB · · Score: 4, Insightful

    Insider Threat company finds that 98% of companies have employees, and management should consider them threats! Buy our product.

    Burma shave

    1. Re:News @11 by CaptainDork · · Score: 1

      After you buy our product, we'll paste boilerplate showing your employee leaks are only 13% and that you can save 15% or more by switching to Geico.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:News @11 by zlives · · Score: 1

      Also, isn't the idea of cloud services to expose your data? I mean, if you want to protect your data, why would you share it online at all?
      Maybe the name "SharePoint" should give you pause?!!!

    3. Re: News @11 by Anonymous Coward · · Score: 0

      Pretty much

      The number one way to stop leaks is to stop contracting out.

      In-house everything. Nobody takes their work home on their devices. Data stays on the servers at work.

      Remember some of the biggest US Government leaks thus far have been from military contractors.

    4. Re: News @11 by Anonymous Coward · · Score: 0

      Air gap, all the things. Hearty har har har!

  3. Let me guess... by 110010001000 · · Score: 2

    ...the solution is to give money to "Dtex Systems" somehow.

    1. Re: Let me guess... by Anonymous Coward · · Score: 0

      There is no solution unless you are in the > 99% who could not care less what your employees say

  4. Using anything but google... by Anonymous Coward · · Score: 1

    ... will get you on this list.

    I tried to use the clean stalker-free wrapper of google and was forbidden from doing so by my employer's IS dept due to anonymising.

    The stalker-free version of google is the startpage.com search engine.

    No doubt using duckduckgo is also a sign of malicious intent, according to the sales people at these security companies.

  5. 2% of employers are paranoid and unconnected? by mykepredko · · Score: 1

    I can see where the report is coming from, but it's somewhat extreme and illustrates how hard it is to be fully protected on line. My company uses gsuite, so right off the bat we're in the 98%.

    I'd just like to see some of the companies that are in the 2%. No way can anybody have any internet access right off the bat and even no computer access at all because data could be put onto thumb drives. Employees couldn't bring in smartphones because they might take a picture of something in the company and post it.

    I suspect the companies fall into two camps:
    1. Companies that have run the way they've been running for 50+ years with a mom or pop at the helm, no employees and at best a landline and a stack of three page invoices that were printed in the 1960s and the carbon paper between the pages is disintegrating. Taxes are done with a TI-30 calculator and communication is either via phone or mail - I don't think you can get stand-alone faxes any more. I'm guessing what they sell is driftwood carvings to tourists as I can't see how anybody can order materials/stock without any kind of a computerized system.
    2. Very high tech/defense contractors that have material processes that are world class. I'm thinking of the metallurgy departments in jet-engine manufacturers where the metals and ceramics used in the engines are created with processes that they don't dare allow any possible information leaks. Employees are checked out and regularly followed by the FBI to make sure they aren't any kind of risk.

    1. Re:2% of employers are paranoid and unconnected? by postbigbang · · Score: 1

      The data loss prevention (DLP) people have been in this area for more than a decade, and yeah, there are risks. But there aren't two camps, and I doubt you can count them on both hands and toes.

      Add in mergers, acquisitions, partnerships with different systems (Marriott breach) or dozens of leaky pipes. DLP and asset loss prevention is a finely practiced art where assets mean much. In some places, they don't.

      There are also systems that use cloud access security brokerage (CASB) and some of these had built-in DLP mechanisms. A camera and an OCR can always be used instead of using something to crack open a DB. Yes, nutballs still store passwords in plain text files in the $public directory.

      This report is more marketing than reality driven, IMHO. Yes, you should secure your assets and have a real reality check about how data is lost. Your firm has liabilities, too, if assets are breached or stolen outright. The ounce of prevention is in vetting employees, treating them fairly, and locking the damn doors, and hiring strict administrators with common sense.

      Defense and financial organizations are not so much different than the rest of the world in actual implementation in my experience, they're just vastly more diligent, must meet more rigorous standards, and get screwed over anyway.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:2% of employers are paranoid and unconnected? by Anonymous Coward · · Score: 0

      There are a few dozen Unified Threat Management (UTM) devices that can handle the cloud part of this and a few dozen antivirus vendors that can include Data Loss Prevention (DLP). This will basically encrypt stuff on drives (including removable drives). Some of this comes down to business requirements, though. If you are to deliver information to a customer and you encrypt that with proprietary software that the customer does not have, they may not consider that a delivery.

    3. Re:2% of employers are paranoid and unconnected? by guruevi · · Score: 1

      The problem typically is IT folk that have no idea what they are doing implementing rules that are impossible to follow, and then people find workarounds because you either don't have sufficient support to help everyone solve their problems or you don't approve of solutions your IT department doesn't think up.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  6. Quality reporting here by Vanyle · · Score: 0

    Glad to see we are improving on this. No methodology listed, no demographics listed other than some vague information at the end of the report. This reads like half of the global warming papers out there.

  8. Unless they work for Democrats by Anonymous Coward · · Score: 0

    Then it's Russians. Always Russians. Working from offices that overlook Red Square. Unless it's the Chinese. Or when Americans hack other countries. Often with the Israelis, who spend an inordinate amount of time hacking Americans. But no one said that, did they. No.

  9. Well now! by Anonymous Coward · · Score: 0

    98% of companies hire at least one moron!

    News at 11.

  10. 97 % of assessments detected flight risk? by Anonymous Coward · · Score: 0

    In addition 97 percent of assessments detected employees and contractors who were flight risks

    That number seems extraordinarily high. Does that mean that 97% of people checked would be considered a flight risk and, if so, how'd they get a clearance in the first place?

    1. Re:97 % of assessments detected flight risk? by Anonymous Coward · · Score: 0

      No. It means that of the 100 assessments done (1 each of 100 different companies, let's say the Fortune 100), that in 97 of those corporations there was at least one (more than zero) employee who "would be considered a flight risk".

    2. Re: 97 % of assessments detected flight risk? by Anonymous Coward · · Score: 0

      They define flight risk as employees who use VPNs, too.

      I personally wouldn't let any packets leave my home network without being over a VPN, even my phone. I would inverse that definition, if you're willing to leak all of your own personal info all over the place, why would you be trusted to give a crap about your employer's info?

  11. Say it out loud by Anonymous Coward · · Score: 0

    I allowed it; it's in the cloud. The boss said, Make me proud

  13. News@11 by Anonymous Coward · · Score: 0

    Lying cheaters find out they are surrounded by paranoid people.

  14. Using Dropbox != exposing confidential info by Tony+Isaac · · Score: 1

    Now, if you use a public Dropbox, that is exposure. But the article is not clear that this is what was found.