According to research by the Ponemon Institute, the actions of agency employees can be even riskier. More than one third of all data breaches are internal and unintentionally caused by employees, and federal agencies are not exempt. In fact, the public sector is one of the most targeted industries, second only to financial services.
"While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious," said Larry Ponemon, chairman of the research firm, in a recent interview. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey."
According to Privacy Rights Clearinghouse, government agencies have seen a steady increase in employee-caused data breaches over the last four years. Employee negligence has caused over 150 breaches since January 2009, resulting in the loss of more than 92.5 million data records.
[ Find out why malicious insider threats are getting harder to stop. Read Insider Threats Get More Difficult To Detect. ]
Unfortunately, public CIOs can't simply "plug the leak," but they can place a greater emphasis on the underlying cause of many data breaches: using insecure, un-managed methods to transfer sensitive data, such as:
-- Easily lost or stolen removable storage, particularly those housing unencrypted data (USBs, hard drives, disks, etc.)
-- Emails containing sensitive data sent to the wrong party
-- Third-party file-sharing and storage websites (Dropbox, Google Drive, etc.)
As occurrences increase in size and frequency, the cost per record lost is also rising. The Ponemon study reveals that the U.S. has one of the highest average costs per record ($136). The study also shows that third-party errors and lost or stolen devices have the most effect on the cost of a data breach.