
"Insider Threat" Study Reveals That Trusted Employees Are Exposing Co-Workers' Personal Information

Reconnex Insider Threat Index Confirms That Employees' Personal Data and Peer-to-Peer File Sharing Put Companies at Serious Risk

MOUNTAIN VIEW, Calif., August 22, 2005— Reconnex, the expert in enterprise risk management systems, today released statistics from its second monthly Insider Threat Index™. The study revealed that exposure of employees' personal information and peer-to-peer (P2P) file sharing are commonplace in corporate America, putting companies at serious risk. This month's index was compiled from statistics on over 1.6 terabytes of blind data gathered from Reconnex's e-Risk Rapid Assessments performed during the month of July at a variety of U.S. businesses and government agencies.

[To download the full Reconnex Insider Threat Index in PDF format, please visit: http://www.reconnex.net/Threat/]

Since last month's Insider Threat Index was published, CardSystems became the latest corporate victim of a large-scale data breach when personal data from about 40 million customer credit cards was exposed. As a result of this breach, Visa and American Express terminated their contracts with CardSystems. Visa performed an internal review of CardSystems' processing practices and found that the company did not have appropriate controls in place to protect cardholder information. The information compiled by Reconnex in this month's Insider Threat Index shows that a lack of appropriate controls is a hidden threat to many organizations. Without technology in place to monitor for these hidden threats and to provide a complete forensic trail after a breach, organizations remain exposed.

Employee and Customer Data Exposed in Ninety-One Percent of Companies Assessed

Ninety-one percent of companies that completed a Reconnex 48-Hour e-Risk Rapid Assessment in the month of July had credit card numbers exposed in traffic entering or leaving their network, and eighty-two percent had social security numbers exposed. The vast majority of these disclosures originated in human resources departments, which accidentally exposed employees' personal information when communicating with partners in health insurance, payroll, workers' compensation, and other third-party processing. The personal data included employee names, dates of birth, social security numbers (SSNs), and even bank routing information. It was usually sent as Excel spreadsheets in clear text, and a single spreadsheet sometimes contained records for thousands to tens of thousands of individuals.

"These latest statistics are alarming, but the terabytes of data we've been able to compile show this trend of exposing employee personal data is commonplace," said Donald J. Massaro, president and CEO of Reconnex. "Our customers have been able to remediate these risks because they now know how it is happening in their organizations. In our 48-hour e-Risk Rapid Assessment, Reconnex provides hard data that highlights the exact exposures and provides a complete forensic trail, allowing our customers to rapidly remediate these risks to the root cause rather than remain exposed, protecting their customers' and their employees' personal data."

Assessments Show Peer-to-Peer File Sharing is Commonplace

Eighty percent of the Reconnex assessments conducted in the month of July detected common P2P file-sharing protocols, such as BitTorrent, Gnutella, eDonkey, and WinMX. These companies were able to quickly remediate the risks P2P file sharing creates, including:

  • Lawsuits and liabilities—Peer-to-peer protocols are commonly used to distribute copyrighted materials illegally. If copyrighted materials are shared over your network without authorization, statutory damages can be as high as $150,000 per work willfully infringed.
  • Inadvertent sharing of sensitive information—Peer-to-peer clients open a path through the corporate firewall straight to the client desktop or laptop, and employees may be sharing sensitive information from those machines without knowing it.
  • Malicious transfer of sensitive information—P2P protocols such as BitTorrent split a file into many small pieces that are exchanged with multiple peers and reassembled by the recipient, so no single piece reveals what is being transferred. That makes these protocols an effective channel for industrial espionage.
  • Keyloggers—Many file-sharing programs bundle spyware that reports what the user types or does, often without the user's knowledge.
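As an added illustration of how P2P protocols are recognized on the wire (example code written for this page, not Reconnex's or any product's detection logic), the following Python classifies the first bytes a client sends on a TCP connection by handshake signature. It covers two of the protocols named above, BitTorrent and Gnutella 0.6; eDonkey and WinMX are not handled. The flow labels, info hash and peer id are constructed, and `classify_p2p` and `summarize` are the example's own names. The BitTorrent case also shows what a monitor can log despite the file being split into pieces: the handshake carries the 20-byte info hash that identifies the torrent being exchanged.

```python
from typing import Dict, Optional, Tuple

BT_PREFIX = b"\x13BitTorrent protocol"   # pstrlen = 19 followed by the protocol string
BT_HANDSHAKE_LEN = 68                     # 20 + 8 reserved + 20 info_hash + 20 peer_id
GNUTELLA_PREFIX = b"GNUTELLA CONNECT/"

# Constructed first bytes of three TCP streams (not captured traffic);
# the info hash and peer id are made up.
SAMPLE_FLOWS = {
    "10.0.0.5:51234->203.0.113.9:6881": (
        BT_PREFIX
        + b"\x00" * 8                # reserved/extension bits
        + bytes(range(20))           # 20-byte info_hash (constructed)
        + b"-XX0001-" + b"0" * 12    # 20-byte peer_id (constructed)
    ),
    "10.0.0.7:49152->198.51.100.4:6346": b"GNUTELLA CONNECT/0.6\r\nUser-Agent: example\r\n\r\n",
    "10.0.0.9:49200->192.0.2.10:80": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
}


def classify_p2p(payload: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Identify a P2P protocol from the first bytes a client sends, independent of port."""
    if len(payload) >= BT_HANDSHAKE_LEN and payload[:20] == BT_PREFIX:
        # The handshake names the content: the info_hash identifies the torrent
        # even though the pieces exchanged afterwards reveal nothing by themselves.
        info_hash = payload[28:48].hex()
        peer_id = payload[48:68].decode("latin-1")
        return "bittorrent", {"info_hash": info_hash, "client": peer_id[:8]}
    if payload.startswith(GNUTELLA_PREFIX):
        version = payload[len(GNUTELLA_PREFIX):].split(b"\r\n", 1)[0].decode("ascii", "replace")
        return "gnutella", {"version": version}
    return None


def summarize(flows: Dict[str, bytes]) -> Dict[str, int]:
    """Count flows per detected protocol; unmatched flows are counted as 'other'."""
    counts: Dict[str, int] = {}
    for first_bytes in flows.values():
        result = classify_p2p(first_bytes)
        name = result[0] if result else "other"
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for flow, first_bytes in SAMPLE_FLOWS.items():
        print(flow, classify_p2p(first_bytes))
    print(summarize(SAMPLE_FLOWS))
```

Matching on the handshake rather than the port matters because P2P clients pick arbitrary ports. The caveat is that a plaintext signature only catches plaintext handshakes: clients that negotiate BitTorrent's message stream encryption, or tunnel over HTTP, need other indicators such as tracker requests or traffic shape.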

"These statistics demonstrate how far the P2P phenomenon has spread to corporate networks even in the face of corporate IT departments' efforts to stop them," said Gerard M. Stegmaier, an attorney from Wilson Sonsini Goodrich and Rosati. "In the wake of the Supreme Court's recent Grokster decision, it seems likely that businesses and other providers of computer access are increasingly likely to be swept up in the efforts of copyright holders to protect and enforce their rights. Turning a blind eye to P2P activity on a company's network, and relying solely on what at first glance could appear to be unenforced policies, represents a very dangerous approach to risk management. Monitoring systems and using the results of this monitoring to enforce policies and discipline rogue employees is an important step towards minimizing culpability."

Reconnex Insider Threat Index Reveals What Really Leaves the Corporate Network

Reconnex’s Insider Threat Index is compiled using the data from Reconnex’s 48-Hour e-Risk Rapid Assessments in the month of July, which provide a complete view of enterprise risk by monitoring all traffic flowing over a corporate network, regardless of file type or communication channel. This month’s Insider Threat Index reports the following trends:

  • 80 percent of the information monitored was Web-based traffic
  • 13 percent of traffic was SMTP based email (approved corporate email)
  • 10 percent of content was encrypted

This month's assessments traced the following disturbing trends to their root sources:

  • Employee private data was exposed—Most commonly by human resources employees to third-party vendors. Most concerning was the amount of personal data, including names and SSNs, placed directly in the subject lines of emails, in clear, open text.
  • Forwarding and replying to emails leave companies at risk—Although most companies don't mind their employees emailing sensitive personal data internally, as soon as someone replies to or forwards such an email to a party outside the protected corporate network, the same personal data goes out over the public Internet unencrypted and unprotected, in violation of the privacy commitments made to customers and employees.
  • Overwhelmingly, Webmail is being used to circumvent company controls—Because many corporations limit the size of files attached to corporate email, employees turn to their personal Webmail accounts to send large, sensitive files, bypassing corporate email and the controls around it.
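To make the HR spreadsheet finding and the SSNs-in-subject-lines finding concrete, here is an added Python example, written for this page and not taken from Reconnex or its iGuard product, of the kind of content check a monitoring system applies to captured text. The sample lines, names and numbers are constructed: 4111111111111111 is a widely used test card number, the SSN is made up, and `find_pii` and `scan` are the example's own names. A pattern match alone is noisy, so the example validates candidates: the Luhn check for card numbers, and the structural rules for SSNs (area not 000, 666 or 900 and above; group not 00; serial not 0000), which is enough to reject the nine-digit bank routing number in the sample row. Alerts carry masked values so the monitor does not re-leak what it found.

```python
import re
from typing import Dict, List

# Constructed sample lines of captured traffic (not real data): an HR e-mail
# subject carrying an SSN, a spreadsheet row exported as CSV, a number that only
# looks like a card number, a harmless subject, and a malformed SSN.
SAMPLE_LINES = [
    "Subject: Payroll change for John Doe SSN 219-09-9999",
    "Doe,John,1970-01-01,219099999,4111111111111111,021000021",
    "Order #4111111111111112 shipped",          # fails Luhn: not a card number
    "Subject: Q3 budget review",
    "ref 000-12-3456 is not a valid SSN area",
]

# 13-19 digits, optionally separated by spaces or hyphens, not part of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Nine digits in AAA-GG-SSSS form, hyphens optional.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_structure_ok(area: str, group: str, serial: str) -> bool:
    """Reject SSNs the Social Security Administration never issues."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def find_pii(line: str) -> Dict[str, List[str]]:
    """Return validated card numbers and SSNs found in one line of text."""
    cards = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            cards.append(digits)
    ssns = []
    for m in SSN_RE.finditer(line):
        area, group, serial = m.groups()
        if ssn_structure_ok(area, group, serial):
            ssns.append(f"{area}-{group}-{serial}")
    return {"cards": cards, "ssns": ssns}


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Scan captured lines and report only those carrying PII, with masked values."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = find_pii(line)
        if found["cards"] or found["ssns"]:
            hits.append({
                "line": n,
                "cards": [("*" * (len(c) - 4)) + c[-4:] for c in found["cards"]],
                "ssns": ["***-**-" + s[-4:] for s in found["ssns"]],
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

Running it flags only the first two sample lines: the subject line for its SSN, and the spreadsheet row for both the SSN and the card number, while the Luhn failure and the 000 area code are ignored. In a real deployment this check would run on the decoded content of each attachment and message body, not only on subject lines.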

Key Findings from Last month’s Insider Threat Index

The first Reconnex Insider Threat Index, issued last month, revealed that corporate email is not the primary channel for leaking consumer or company-confidential data. Ninety percent of all network traffic monitored was Web-based content sent via instant messaging, Webmail services such as Hotmail, or Web applications:

  • Web-based traffic accounted for 89.5 percent of all electronic data monitored
  • Only 4 percent of traffic was SMTP-based e-mail (approved corporate email)
  • Excel was the most common email attachment
  • Only 2.2 percent of content was encrypted
  • Only 1.1 percent of traffic was information emailed outside the corporate network

Forensics Capabilities Allow Companies to Remediate Risks at the Root Cause

Reconnex offers the only content-monitoring appliance on the market today that provides a complete forensic analysis trail by capturing all data entering or leaving the corporate network for analysis. Competitive products filter about ninety-five percent and store less than five percent of the information leaving the corporate network. This means less than five percent of the information critical to a forensic investigation is actually available. The Reconnex iGuard takes a different approach by capturing and analyzing everything entering or leaving the network, so companies have new visibility into all insider threats and the ability to conduct a complete forensic investigation. Using the Forensic Event Correlation™ engine of the Reconnex iGuard system, organizations needing to comply with various industry regulations can conduct immediate forensic investigations on all electronic communication sessions, including e-mail, Webmail, instant messaging, FTP, P2P, chat communications and much more. Organizations can also analyze this information with instantaneous "Google-like™" quick search queries into the stored data and create a complete audit trail using iGuard's easy and intuitive Web-based interface. Auditors, lawyers, and compliance experts can replay all forensic search queries for investigation, fulfilling an important need in this new age of compliance and complex requirements regarding disclosure of non-public information.

About Reconnex

Reconnex is the leading provider of enterprise risk management (ERM) systems that reveal and address the insider threat to compliance risks, competitive risks, corporate governance risks and critical infrastructure risks. Reconnex enables Fortune 1000 companies, government organizations, and smaller healthcare and financial services companies to protect their brands, shareholder value and mission critical operations by revealing hidden risks in the first 48 hours of deployment. Without exception, every deployment has enabled these organizations to quickly remediate the risks that could have damaged or destroyed their organization.

Give us two days, you'll know™. Call Reconnex today at 1-866-940-4590 or visit us on the web at www.reconnex.net.
