This report reminds me of a client engagement where we placed false credentials and documents on the devices of employees who had handed in their notice or were expected to. The idea was that we could pick up when documents were opened and credentials used and trace back to the individual. It’s a tricky HR issue so you need to get sign-off before doing this, and it’s not permitted in certain jurisdictions…:
[…] In total, 43.75% of insiders forwarded content to personal emails; 16% abused cloud collaboration privileges and 10% performed downloads of aggregated data during attacks analyzed in the report. Unauthorized USB and removable storage devices are also commonly used to swipe data.
However, the abuse of removable drives to steal information is on the decline as more companies than ever are either restricting or blocking USBs completely, and many organizations — potentially prompted further due to the COVID-19 pandemic — are transitioning to cloud and IaaS platforms.
The highest number of data exfiltration incidents took place in the pharmaceutical, financial, and IT industries.
Account sharing, difficulties classifying data as sensitive or non-sensitive when considering access privileges, a failure to implement least-privilege account controls and the constant circumvention of IT controls are prevalent, the report suggests, with large enterprises in particular “finding it difficult to draw conclusions about such incidents mostly due to lack of, or differences between, policies and procedures for each line of business.”