InfoSec News & Investigations

Insider data breaches : a big concern say 97% of IT leaders

According to a survey by Egress, a shocking 97% of IT leaders said insider breach is a big concern. 78% think employees have put the company’s data in jeopardy accidentally while 75% think they (employees) put data at risk intentionally. And asking about the consequences and implication of these risk, 45% said financial damage would be the greatest.

Egress surveyed more than 500 IT leaders and 5000 employees from UK, US and Benelux regions. The survey showed serious incompetence of IT sector in handling data and their own security as well as employee confusion about data ownership and responsibility.

On the question of how they manage insider data breach and security measures they use, half of IT leaders said they use antivirus software to detect phishing attacks, 48% use email encryption and 47% use secure collaboration tools. And 58% , that is more than half relied on employee reporting than any breach detecting system.

Egress CEO, Tony Pepper says that the report shows the ignorance of IT leaders towards insider breaches and the lack of risk management on their part.

 “While they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk. Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable. “The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches. They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”

Misdirected and phishing emails are top cause of insider data breaches- 

Misdirected and phishing emails are top cause of accidental insider data breaches as 41% of employees who leaked data said they did it because of phishing emails and 31% said they sent the information to the wrong individual by email.

 Tony Pepper adds;

“Incidents of people accidentally sharing data with incorrect recipients have existed for as long as they’ve had access to email. As a fundamental communication tool, organizations and security teams have weighed the advantages of efficiency against data security considerations, and frequently compromise on the latter. 

“However, we are in an unprecedented time of technological development, where tools built using contextual machine learning can combat common issues, such as misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly. Organizations need to tune into these advances to truly be able to make email safe.”

Original Source