
Operational Security

5/17/2019
06:00 AM
Mark Bower

How to Stop Insider Breaches From Becoming the Norm

Data breaches are now so common we rarely go a day without hearing about the latest one.

The average data breach now costs a company $3.86 million, up 6.4% since 2017. Unfortunately, data breaches are now so common we rarely go a day without hearing about the latest one. When these breaches are the result of employee actions, such as accidental data leakage or clicking on a malicious link in an email, it can often be difficult for organizations to know how to prevent this scenario from playing out again in the future.

A big part of this problem is the perception gap between CIOs and IT leaders on one side, and the employees who deal with data on a daily basis on the other, about the likelihood of insider breaches and their root causes. The Egress 2019 Insider Data Breach survey uncovered concerning findings to this effect.

According to the survey, IT leaders predominantly believe that employees are putting sensitive data at risk, both accidentally and maliciously, while employees say they're acting in accordance with corporate policies:

  • 79% of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61% believe employees have put company data at risk maliciously
  • 92% of employees say they haven't accidentally broken their company's data sharing policy in the last 12 months, and 91% confirm they haven't done so intentionally
  • 60% of IT leaders believe that they will suffer an accidental insider breach in the next 12 months, and 46% believe they will suffer a malicious insider breach

These stats highlight a fundamental gulf between CIOs/IT leaders and employees that creates a major challenge for organizations attempting to stem the growing tide of insider breach incidents. With internal actors unaware of, or unwilling to admit, their responsibility, organizations must look to technology to provide the necessary level of mitigation and reporting to protect sensitive assets.

Carelessness and a lack of awareness
While some IT leaders believe data is being leaked by employees on purpose to harm an organization (30%) or for financial gain (28%), other insider data breaches are simply caused by employee carelessness and lack of awareness. When CIOs and IT leaders were asked to name the leading causes of accidental breaches, the survey found:

  • 60% cited employee carelessness
  • 44% cited a general lack of employee awareness on data policies
  • 36% indicated a lack of training on the company's security tools

According to the survey, this is one area where CIOs/IT leaders and employees tend to agree. Of those employees who have accidentally leaked data, the survey found:

  • 48% blamed themselves for rushing and making a mistake
  • 45% accidentally sent data to the wrong person
  • 35% were unaware that information should not be shared
  • 30% blamed the high-pressure work environment
  • 29% said they leaked data by accident because they were tired

Carelessness and a lack of awareness on data policies is a toxic mix that can lead to data breaches, but it's important to note that employees placed more fault with the corporate environment overall as a leading cause of breaches.

Confusion over data ownership and ethics
One of the most fascinating aspects of the Insider Data Breach survey is the confusion that employees have when it comes to data ownership, which contributes to "why" employees would intentionally share or leak data. According to the survey:

  • 60% of employees do not recognize that the organization is the exclusive owner of company data
  • 29% of employees stated they believe the data they work on belongs to them alone -- not the organization

So, what can be done to solve this problem?
The survey shows that insider data breaches are frequent and concerning occurrences -- and that, clearly, traditional approaches to tackling this threat aren't working. Employees' autonomy makes it difficult for IT leaders to anticipate their behavior -- whether that's someone acting maliciously to harm the company, trying to cover up or play down an error, or taking shortcuts to get their job done.

Moving forward, IT leaders need to rely on technology to fill this gap in compliance. Advances in machine learning and big data analytics make it possible to define 'good' behavior for subsets and individual employees -- and then alert them when they're about to make a mistake or even block potentially malicious actions. On top of this, organizations should expect comprehensive reporting from any of their security tools so they can prove compliance with the raft of legislation they could be regulated by (including HIPAA, GDPR, and the NYDFS Cybersecurity Regulation).
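One way to apply the "define good behavior per employee, then alert before a mistake" idea to the misaddressed-email case from the survey, as an added example that is not from the article or any vendor product. It swaps in a simple frequency baseline and edit distance in place of machine learning; the log format, thresholds, verdict names and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample of past outbound mail as (sender, recipient); not real data.
HISTORY = [
    ("alice@corp.example", "j.smith@partner.example"),
    ("alice@corp.example", "j.smith@partner.example"),
    ("alice@corp.example", "j.smith@partner.example"),
    ("alice@corp.example", "payroll@corp.example"),
    ("bob@corp.example", "j.smyth@other.example"),
]

def build_baseline(history):
    """Per-sender count of how often each recipient was mailed."""
    baseline = defaultdict(Counter)
    for sender, rcpt in history:
        baseline[sender][rcpt.lower()] += 1
    return baseline

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_recipient(baseline, sender, rcpt, internal_domain="corp.example",
                    min_seen=2, max_dist=2):
    """Return (verdict, detail) for one recipient before the mail is sent."""
    rcpt = rcpt.lower()
    known = baseline.get(sender, Counter())
    if known[rcpt] > 0:
        return ("ok", "recipient already in sender's baseline")
    # Never mailed before but nearly identical to an established contact: likely a typo.
    for cand, seen in known.most_common():
        if seen >= min_seen and edit_distance(rcpt, cand) <= max_dist:
            return ("warn_lookalike", cand)
    if not rcpt.endswith("@" + internal_domain):
        return ("warn_new_external", rcpt.split("@")[-1])
    return ("ok", "new internal recipient")

BASELINE = build_baseline(HISTORY)
print(check_recipient(BASELINE, "alice@corp.example", "j.smiht@partner.example"))
```

Because the baseline is kept per sender, an address that is routine for one employee still triggers a prompt for a colleague who has never used it.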

People are the lifeblood of almost every organization -- and technology now needs to step in so we can also say they're no longer one of its biggest threats as well.

At Egress, Mark Bower is the General Manager for North America, responsible for strategic growth and customer success across the region. Prior to Egress, Mark led product and business strategy for Voltage Security, acquired by Hewlett Packard in 2015 and a pioneer in new data encryption technology methods that are now NIST standards in modern data-centric security for cloud, mobility and IoT applications.
