Employees and Contractors Expose Information Online in 98 Percent of Organizations (betanews.com) 33
An anonymous reader shares a report: Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint. This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.
All of the assessments detected employees and contractors transferring confidential and sensitive data via unencrypted USB drives, personal email accounts, and cloud applications, an increase of 10 percent over 2018. In addition 97 percent of assessments detected employees and contractors who were flight risks, a class of insider threat that often steals data and IP. This is an increase of 59 percent over 2018. 95 percent detected employees and contractors attempting to bypass or circumvent security controls via anonymous browsing, VPN and TOR usage, up 35 percent over 2018.
Not a big deal (Score:2)
I will say programmers need to be more careful what they post to Github. I can't tell you the number of times I've seen passwords for ERP systems, payment systems and the whole shebang in a bloody public Github acco
News @11 (Score:5, Insightful)
Insider Threat company finds that 98% of companies have employees, and management should consider them threats! Buy our product.
Burma shave
Re: (Score:2)
After you buy our product, we'll paste boilerplate showing your employee leaks is only 13% and that you can save 15% or more by switching to Geiko.
Re: (Score:2)
also isn't the idea of cloud services to expose your data, I mean if you want to protect your data, why would you share it online at all.
maybe the name "sharepoint" should give you a pause?!!!
Let me guess... (Score:3)
Using anything but google... (Score:1)
... will get you on this list.
I tried to use the clean stalker-free wrapper of google and was forbidden from doing so by my employer's IS dept due to anonymising.
The stalker-free version of google is the startpage.com search engine.
No doubt using duckduckgo is also a sign of malicious intent, according to the sales people at these security companies.
2% of employers are paranoid and unconnected? (Score:2)
I can see where the report is coming from, but it's somewhat extreme and illustrates how hard it is to be fully protected online. My company uses gsuite, so right off the bat we're in the 98%.
I'd just like to see some of the companies that are in the 2%. No way can anybody have any internet access right off the bat and even no computer access at all because data could be put onto thumb drives. Employees couldn't bring in smartphones because they might take a picture of something in the company and post
Re: (Score:2)
The data loss prevention (DLP) people have been in this area for more than a decade, and yeah, there are risks. But there aren't two camps, and I doubt you can count them on both hands and toes.
Add in mergers, acquisitions, partnerships with different systems (Marriott breach) or dozens of leaky pipes. DLP and asset loss prevention is a finely practiced art where assets mean much. In some places, they don't.
There are also systems that use cloud access security brokerage (CASB) and some of these had built-i
Re: (Score:2)
The problem typically is IT folk that have no way what they are doing implementing rules that are impossible to follow and then people find workarounds because you either don't have sufficient support to help everyone solve their problems or you don't approve of solutions your IT department doesn't think up.
Quality reporting here (Score:1)
Glad to see we are improving on this. No methodology listed, no demographics listed other than some vague information at the end of the report. This reads like half of the global warming papers out there.
Using Dropbox != exposing confidential info (Score:2)
Now, if you use a public Dropbox, that is exposure. But the article is not clear that this is what was found.