Slashdot Mirror


Employees and Contractors Expose Information Online in 98 Percent of Organizations (betanews.com)

An anonymous reader shares a report: Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint. This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.

All of the assessments detected employees and contractors transferring confidential and sensitive data via unencrypted USB drives, personal email accounts, and cloud applications, an increase of 10 percent over 2018. In addition, 97 percent of assessments detected employees and contractors who were flight risks, a class of insider threat that often steals data and IP. This is an increase of 59 percent over 2018. 95 percent detected employees and contractors attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage, up 35 percent over 2018.

10 of 33 comments

  1. Not a big deal by rsilvergun · · Score: 1

    if this just includes whenever somebody Googles something. Sooner or later you're bound to accidentally google an account number, customer name or phone #. Google has long since switched to HTTPS making this relatively harmless. The worst is that Google has seen something they shouldn't have.

    I will say programmers need to be more careful what they post to GitHub. I can't tell you the number of times I've seen passwords for ERP systems, payment systems and the whole shebang in a bloody public GitHub account. Those contractors are cheaper than FTEs for a reason.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  2. News @11 by IMightB · · Score: 4, Insightful

    Insider Threat company finds that 98% of companies have employees, and management should consider them threats! Buy our product.

    Burma shave

    1. Re:News @11 by CaptainDork · · Score: 1

      After you buy our product, we'll paste boilerplate showing your employee leaks are only 13% and that you can save 15% or more by switching to Geico.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:News @11 by zlives · · Score: 1

      Also, isn't the idea of cloud services to expose your data? I mean, if you want to protect your data, why would you share it online at all?
      Maybe the name "sharepoint" should give you pause?!!!

  3. Let me guess... by 110010001000 · · Score: 2

    ...the solution is to give money to "Dtex Systems" somehow.

  4. Using anything but google... by Anonymous Coward · · Score: 1

    ... will get you on this list.

    I tried to use the clean stalker-free wrapper of google and was forbidden from doing so by my employer's IS dept due to anonymising.

    The stalker-free version of google is the startpage.com search engine.

    No doubt using duckduckgo is also a sign of malicious intent, according to the sales people at these security companies.

  5. 2% of employers are paranoid and unconnected? by mykepredko · · Score: 1

    I can see where the report is coming from, but it's somewhat extreme and illustrates how hard it is to be fully protected online. My company uses gsuite, so right off the bat we're in the 98%.

    I'd just like to see some of the companies that are in the 2%. No way can anybody have any internet access right off the bat and even no computer access at all because data could be put onto thumb drives. Employees couldn't bring in smartphones because they might take a picture of something in the company and post it.

    I suspect the companies fall into two camps:
    1. Companies that have run the way they've been running for 50+ years with a mom or pop at the helm, no employees and at best a landline and a stack of three page invoices that were printed in the 1960s and the carbon paper between the pages is disintegrating. Taxes are done with a TI-30 calculator and communication is either via phone or mail - I don't think you can get stand-alone faxes any more. I'm guessing what they sell is driftwood carvings to tourists as I can't see how anybody can order materials/stock without any kind of a computerized system.
    2. Very high tech/defense contractors that have material processes that are world class. I'm thinking of the metallurgy departments in jet-engine manufacturers where the metals and ceramics used in the engines are created with processes that they don't dare allow any possible information leaks. Employees are checked out and regularly followed by the FBI to make sure they aren't any kind of risk.

    1. Re:2% of employers are paranoid and unconnected? by postbigbang · · Score: 1

      The data loss prevention (DLP) people have been in this area for more than a decade, and yeah, there are risks. But there aren't two camps, and I doubt you can count them on both hands and toes.

      Add in mergers, acquisitions, partnerships with different systems (Marriott breach) or dozens of leaky pipes. DLP and asset loss prevention is a finely practiced art where assets mean much. In some places, they don't.

      There are also systems that use cloud access security brokerage (CASB) and some of these had built-in DLP mechanisms. A camera and an OCR can always be used instead of using something to crack open a DB. Yes, nutballs still store passwords in plain text files in the $public directory.

      This report is more marketing than reality driven, IMHO. Yes, you should secure your assets and have a real reality check about how data is lost. Your firm has liabilities, too, if assets are breached or stolen outright. The ounce of prevention is in vetting employees, treating them fairly, and locking the damn doors, and hiring strict administrators with common sense.

      Defense and financial organizations are not so much different than the rest of the world in actual implementation in my experience, they're just vastly more diligent, must meet more rigorous standards, and get screwed over anyway.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:2% of employers are paranoid and unconnected? by guruevi · · Score: 1

      The problem typically is IT folk that have no way what they are doing implementing rules that are impossible to follow and then people find workarounds because you either don't have sufficient support to help everyone solve their problems or you don't approve of solutions your IT department doesn't think up.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  6. Using Dropbox != exposing confidential info by Tony+Isaac · · Score: 1

    Now, if you use a public Dropbox, that is exposure. But the article is not clear that this is what was found.