Dark Reading

Code42 2019 Global Data Exposure Report Finds 69% of Security Leaders Say Data Loss Prevention Cannot Stop Insider Threat

New research underscores major data security threat posed by employee actions

MINNEAPOLIS--(BUSINESS WIRE)--Code42, the leader in data loss protection, released the annual 2019 Global Data Exposure Report. The study found that insider threats – caused by current and departing employees – expose companies to breaches and put corporate data at risk. The research also questions whether the right data security solutions are being funded and deployed to stop insider threats and asserts that legacy data loss prevention solutions fall short in getting the job done.


Today, 79% of information security leaders believe that employees are an effective frontline of defense against data breaches. However, this year’s report disputes that notion.

Wake-Up Call: Insider Threats are your Biggest Danger to Data Security
Recognizing that employees are the power behind any organization, companies are increasingly implementing strategies for collaboration to make information sharing easier than ever. Unfortunately, some organizations have not put in appropriate detection and response data security controls, and instead simply trust employees to keep data safe. However, this trust is frequently abused. The study showed that employees take more risks with data than employers think, which leaves organizations open to insider threat. Key findings include:

  • Rather than sticking to company-provided file sharing and collaboration tools, one in three (31%) business decision-makers also use social media platforms, such as Twitter, Facebook or LinkedIn, 37% use WhatsApp and 43% use personal email to send files and collaborate with their colleagues.
  • Over three-quarters (78%) of CSOs and 65% of CEOs admit to clicking on a link they should not have, showing that no level of employee is immune to lapses in judgement.
  • These types of risk-based actions are why half of the data breaches that companies admitted to experiencing in the previous 18 months have been caused by employees, according to both information security leaders and business decision-makers (50% and 53% respectively).

“Organizations are overlooking the most harmful data security threat: their own employees. While security leaders likely are aware of the problem, they may not grasp the sheer magnitude of it. And most have fallen behind in effectively detecting and responding to insider threats,” said Joe Payne, Code42 president and CEO. “The brutal truth is employees take data. Companies that don’t have or underinvest in an insider threat program or rely on legacy data loss prevention solutions, are feeling the pain and winding up in headlines. Security leaders must find a better way to protect sensitive company data and address threats coming from within their own walls.”

Departing Employees Pose Major Security Risks
While most employees try to leave their jobs on a positive note, chances are they are taking more than just memories when they leave; they’re also pocketing proprietary data – negatively impacting their former colleagues. Equally concerning are incoming employees who bring data from their prior organizations with them. The study found:

  • Nearly two-thirds (63%) of survey respondents admit to bringing data from past employers to their new jobs.
  • What’s more, most employees today feel entitled to personal ownership over their work. In fact, a large majority of information security leaders (72%) agree: “It’s not just corporate data, it’s my work – and my ideas.”

Traditional Prevention Solutions Are Not Working
Information security leaders know their data is at risk. While traditional prevention solutions are widespread, these solutions aren’t proving effective in protecting valuable data, such as customer lists and source code, from insider threats. The Global Data Exposure Report showed:

  • Over two-thirds (69%) of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time of the breach.
  • Over three-quarters (78%) of information security leaders – including those with traditional data loss prevention (DLP) – believe that prevention strategies and solutions are not enough to stop insider threat.

In line with these findings, a commissioned study conducted by Forrester Consulting in 2019 on behalf of Code42 found that four in five (81%) survey respondents need a better way to protect sensitive data without slowing down innovation. Furthermore, nearly half (48%) of them also deemed it a critical priority in the next year to better protect sensitive company and customer data.

“We’re seeing companies empower their employees without the proper security programs in place, leaving companies in a heightened state of risk,” said Jadee Hanson, CISO and vice president of information systems of Code42. “In addition to enforcing awareness trainings, implementing data loss protection technologies and adding data protection measures to on- and off-boarding processes, organizations should not delay in launching transparent, cross-functional insider threat programs. Insider threats are real. Failing to act will only result in increasingly catastrophic data loss and breaches.”

Download a free copy of the 2019 Global Data Exposure Report here.

The research for this report was conducted by Sapio Research, an independent research consultancy based in the United Kingdom. The survey was completed, via online response, during May 2019.

The respondent breakdown is as follows:

Information Security Leaders:

  • USA: 375
  • UK: 377
  • Germany, Austria and Switzerland: 276

Almost a quarter (21%) of the information security audience are representative of the C-suite, including CISOs, CSOs, CIOs and CTOs.

Business Decision-Makers:

  • USA: 200
  • UK: 200
  • Germany, Austria and Switzerland: 215

Thirty percent of the business audience are representative of the C-suite.

The research surveyed 1,028 information security leaders, as well as 615 business decision-makers, all with decision-making powers, or influence over, the provisioning of cybersecurity solutions, products and services.

About Code42
Code42 is the leader in data loss protection. Native to the cloud, the Code42 Next-Gen Data Loss Protection solution rapidly detects insider threats, helps satisfy regulatory compliance requirements and speeds incident response – all without lengthy deployments, complex policy management or blocking user productivity. Because the solution collects and indexes every version of every file, it offers total visibility and recovery of data – wherever it lives and moves. Security, IT and compliance professionals can protect endpoint and cloud data from loss, leak and theft while maintaining an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42 Next-Gen Data Loss Protection preserves files for compliance and can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

More than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners. For more information, visit code42.com, read Code42’s blog or follow the company on Twitter.

© 2019 Code42 Software, Inc. All rights reserved. Code42 and the Code42 logo are registered trademarks or trademarks of Code42 Software, Inc. in the United States and/or other countries. All other marks are properties of their respective owners.
