"60% of Insider Threats Involve Employees Planning to Leave"

New research shows that more than 80% of employees with plans to leave an organization take data with them before they go. According to the 2020 Securonix Insider Threat Report based on the analysis of over 300 confirmed incidents, these employees considered "flight-risk" were involved in about 60% of insider threats. Most insider threats involved the exfiltration of sensitive data, while others included privilege misuse, data aggregation, and infrastructure sabotage. Employees exhibit flight-risk behavior between two to eight weeks before they make their exit. The most common data exfiltration methods include moving sensitive information via email, uploading the information to cloud storage websites, using data downloads, storing data on unauthorized removable devices, and snooping for data through SharePoint. Shareth Ben, director of Insider Threat and Cyber Threat Analytics with Securonix calls on IT security operations teams to be on the lookout for red flags such as web browsing activities related to job searching and attempts to access administrative accounts. Another significant flag is the movement of sensitive information via email, collaboration tools, or USB devices. Depending on the industry in which the insider works, they may steal valuable intellectual property, banking data, or personally identifiable information. This article continues to discuss key findings from the 2020 Securonix Insider Threat Report related to flight-risk behavior, the most common techniques used by insiders to exfiltrate sensitive information, why IT security operations teams struggle to draw conclusions from insider threats, ways to detect flight-risk employees, and the variation of targeted data by industry. 

Dark Reading reports "60% of Insider Threats Involve Employees Planning to Leave"