
Insider Threats Packing Their Bags With Corporate Data

Conference: Black Hat Asia 2023

Authors: Dagmawi Mulugeta, Colin Estep


What if your organization could discover which of your employees are exfiltrating data prior to leaving? The 2020 Securonix Insider Threat Report found that 60% of Insider Threats involve "Flight Risk" employees planning to leave. While we know this is a problem, it has been tough to solve, especially as cloud services proliferate and personal vs. business traffic becomes more challenging to separate. In this talk, we will discuss the indicators we have used in a large production environment to find employees that are exfiltrating data before they leave.

We approached this problem by analyzing anonymized data of over 4 million users from more than 200 different organizations worldwide. The data was collected from a subset of Netskope users with prior authorization. Our analysis revealed that approximately 15% of all employees leaving their job used personal cloud apps to take data with them. Based on our study, we created some models to identify insider threat flight risks and ran them for several months. We found multiple real insiders exfiltrating data that were otherwise unknown.

We will present the behavioral insights found for employees preparing to leave, the nature and quantity of the data they target, and the cloud providers they use. We hope these indicators will enable organizations to protect their data more effectively.
