top of page

Ponemon Institute & DTEX Report Reveals Organizations Are Missing the Indicators of Insider Threats

DTEX Systems, the Workforce Cyber Intelligence & Security CompanyTM, today released a new report, The State of Insider Threats 2021: Behavioral Awareness & Visibility Remain Elusive, which revealed that organizations struggle to identify the indicators of insider attacks.

Released in conjunction with the start of National Insider Threat Awareness Month, the report, conducted by the Ponemon Institute with sponsorship from DTEX, surveyed a global pool of 1,249 IT and IT security practitioners and found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. “The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception,” said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute. “Many security professionals are already familiar with Lockheed Martin’s Cyber Kill Chain and the MITRE ATT&CK Framework, both of which describe the various stages of an attack and the tactics utilized by an external adversary. Since human behavior is more nuanced than machine behavior however, insider attacks follow a slightly different path and, therefore, require modern approaches to combat.”

Over the course of thousands of insider threat investigations and incidents, DTEX’s Counter-Insider Threat Research analysts have identified the insider equivalent of these frameworks: the Insider Threat Kill Chain, which encompasses the five steps present in nearly all insider attacks: Reconnaissance, Circumvention, Aggregation, Obfuscation and Exfiltration. To fully understand an insider incident, DTEX finds that visibility into the entire kill chain — not just one or two steps — is imperative. In fact, the earlier phases of the Kill Chain hold the answers to some of the most important questions – both for incidents that have yet to fully unfold and for those that have already occurred.

The findings of this report reveal that enterprises are missing the warning signs of insider threats and the intent of perpetrators. Key findings include:

  • Nearly half of companies find it impossible or very difficult to prevent an insider attack at the earliest stages of the Insider Threat Kill Chain

  • Only 32% of companies say their organizations are very or highly effective in preventing the leakage of sensitive information

  • 15% of organizations state that no one has ultimate authority and responsibility for controlling and mitigating workforce risks

“Our findings indicate that in order to fully understand any insider incident, visibility into the nuance and sequence of human behavior is pivotal,” said Rajan Koo, Chief Customer Officer, DTEX Systems. “Often times, organizations don’t know that an attack has occurred up until (or after) step five of the Kill Chain – exfiltration – occurs. However, if businesses fill the gaps identified within this report with the right behavioral intelligence control and designate a clear authority for controlling and mitigating this risk, these threats can be detected and deterred during an earlier stage of the kill chain much before any real damage is done.”

Workforce Cyber Intelligence & Security™ is a new approach to enterprise workforce data collection and analysis that focuses on understanding how, when, why, where and for how long employees and third parties interact with data, machines, applications and their peers as they perform their job responsibilities. DTEX’s Workforce Cyber Intelligence & Security platform was designed for today’s modern, distributed workforce model and provides complete visibility into user and account activity – keeping all data anonymous to protect privacy, and only shining a light on abnormal or inefficient behaviors that indicate risks and areas for operational improvement.

“Organizations need to take a human approach to understanding and detecting insider threats, as human elements are at the heart of these risks,” continued Koo. “This includes leveraging human sensors to monitor people-centric threats through sequential behaviors, which is known as human telemetry. By focusing on the most critical common denominator in all cyber security attacks – the humans driving day-to-day operations – DTEX is identifying these dynamic “Indicators of Intent” to gain real-time awareness about a workforce’s activities to mitigate areas of risk without invading personal privacy.”

To view the full The State of Insider Threats 2021: Behavioral Awareness & Visibility Remain Elusive Report, please visit:



bottom of page