Highlights of behaviors, detection techniques, and key takeaways from the field.
Executive Summary
• Across several organizations, the exfiltration of data deemed sensitive continues to be the most common insider threat caused by employees and contractors, followed by privileged account abuse.
• Email continues to be the #1 egress vector for the exfiltration of sensitive data, followed by web uploads to cloud storage sites.
• An employee or contractor had been identified as a flight risk in about 60% of the incidents detected.
What is a flight risk?
A flight risk is an employee who is about to terminate their employment with a company, for any of various reasons. These employees typically show flight risk behavior patterns when their browsing behavior and email behavior indicate they are leaving the company. This behavior is pertinent to insider threats because over 80% of flight risk employees tend to take data with them, anywhere from 2 weeks to 2 months prior to their termination date.