Difficulty Solving Healthcare Data Breaches Due to Lack of Visibility into Employee Activity

According to Dtex Systems’ 2018 Insider Threat Intelligence Report, security teams are not able to respond correctly to serious data security threats because they lack visibility into the activities of employees.

The findings of the report were based on the information provided by the firm’s customers and prospective customers after a risk assessment. The report revealed employees frequently bypass security controls, violate company policies, and download unauthorized software onto their work devices.

The Dtex Systems report states that 60% of risk assessments show that employees: bypass their organization’s security controls, have researched how to bypass security controls, or have used private and anonymous browsers.

Most employees attempt to bypass security controls to access websites prohibited by the company’s internet usage policies such as sites containing adult content, gambling sites, P2P file sharing sites and gaming sites. About 67% of companies have found inappropriate use of the internet during risk assessments. Many employees also attempt to download shadow IT and use prohibited programs such as Caffeine, Dontsleep, WireShark or SnippingTool.

Even if the employees don’t have any malicious intent, downloading prohibited programs can jeopardize the company’s security and could lead to the accidental disclosure of PHI or malware. Many employees also frequently download VPN tools and CCleaner to try to cover their tracks or hide their malicious activities.

Looking at the risk assessments results, 72% showed that some employees used high-risk applications and hacking tools while 90% showed that employees transferred data to USB devices. 78% showed that company data became available to the public online because of employee mistakes.

Technological controls will help improve security, but human controls must not be overlooked. Security awareness training will help to ensure employees are made aware of the risks of certain activities; nonetheless, employees still engage in risky activities despite security training. They leave cybersecurity in the hands of IT teams and don’t take responsibility for their own actions.

Security teams can do their part to reduce security risks but they are limited by what they know. Unless they can have visibility into what employees are doing, they will not know where to direct their efforts.

Dtex Systems recommends the following solutions to help security teams identify insider threats and prevent data breaches:

Perform regular risk analyses;

Use Security Information and Event Management (SIEM);

Use behavior analytics;

Implement technologies that prevent data loss; and,

Monitor employee and user behavior to detect abnormal and suspicious activities.