Research Finds 450% Increase in Remote Employees Circumventing Security to Mask Online Habits or Steal Data

  • 56% of companies say their remote workers actively bypassed security controls to obfuscate online activity
  • 70% of the incidents included at least one attempt to circumvent a second security control to exfiltrate data without detection
  • 72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them

New research shows that the shift to an almost fully remote workforce has significantly changed the behaviors of ‘trusted insiders’ in 2020. In a series of interviews with hundreds of businesses across a diverse range of industries, researchers found a 450% increase in employees circumventing security controls to intentionally mask online activities and a 230% increase in behaviors that indicate intent to steal data.

The findings published by DTEX Systems this week paint a worrying picture of the so-called ‘trusted insider’: employees “once thought to be reliable and responsible are [now] changing their behaviors and increasing the risk of data loss, external attack and regulatory compliance violations for their employers,” according to the firm’s CTO, Mohan Koo.

The equilibrium of employee security and trust has been disrupted abruptly in 2020, Koo said in the report. And the key findings indicate just that:

  • 56% of companies reported remote workers actively bypassed security controls to intentionally obfuscate online activity (a 450% increase in the first eight months of 2020)
  • More than 70% of the escalated incidents visible to the security and HR teams included at least one attempt to circumvent a second security control to exfiltrate data without detection
  • Companies reported remote workers most commonly attempted to bypass the corporate VPN to mask their online activities intentionally
  • 72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them or a new employee looking to inject IP from a previous employer (a 230% increase from 2019)

“The growth in premeditated data theft attempts and intentional activity masking behaviors by employees strongly suggests that companies are facing a heightened risk of data loss as virtual employment models become the norm, furloughs are extended and reduction-in-force actions continue,” according to the report.

The culprits are said to be ineffective network and endpoint security and lax or nonexistent data loss prevention tools. The findings indicate that organizations must prioritize the human element and workforce behavior in relation to data, process, and machines as a pillar of their next-generation security and IT technology strategies, the researchers said.

A similar study published by Tessian indicates that nine in 10 data breaches are caused by mindset lapses, pinning the root cause of almost all cyber incidents on insiders. Jeff Hancock, a leading communications professor at Stanford, says employees are reluctant to admit to their errors if employers judge them too harshly.

And yet another study by The Ponemon Institute (commissioned by Forcepoint) shows that current cybersecurity tools are ill-prepared to combat insider threats. Indeed, securing the human layer takes a holistic approach – especially with more and more organizations relying on a remote workforce.

Bitdefender GravityZone is an integrated endpoint protection, risk management, and attack forensics platform, enhanced with user behavior risk analytics. IT reps can leverage integrated risk management and analytics to continuously assess, prioritize, and address misconfigurations and vulnerabilities, including those triggered by humans.

Bitdefender Network Traffic Security Analytics (NTSA) detects advanced network-based attacks in real time and triggers autonomous incident response. Using a combination of machine learning and behavior analytics with insights from Bitdefender cloud threat intelligence, NTSA offers much-needed threat context to detect any network-borne anomaly, from external malice to insider negligence.