Dark Reading is part of the Informa Tech Division of Informa PLC


Operational Security

06:00 AM
Mark Bower

How to Stop Insider Breaches From Becoming the Norm

Data breaches are now so common we rarely go a day without hearing about the latest one.

The average data breach now costs a company $3.86 million, up 6.4% since 2017. Unfortunately, data breaches are now so common we rarely go a day without hearing about the latest one. When these breaches are the result of employee actions, for example, accidental data leakage or clicking on a malicious link in an email, it can often be difficult for organizations to know how they can prevent this scenario from playing out again in future.

A big part of this problem is the perception gap between CIOs and IT leaders on one side, and the employees who deal with data on a daily basis on the other, about the likelihood of insider breaches and their root causes. The Egress 2019 Insider Data Breach survey uncovered concerning findings to this effect.

According to the survey, IT leaders predominantly believe that employees are putting sensitive data at risk, both accidentally and maliciously, while employees say they're acting in accordance with corporate policies:

  • 79% of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61% believe employees have put company data at risk maliciously
  • 92% of employees say they haven't accidentally broken their company's data sharing policy in the last 12 months, and 91% confirm they haven't done so intentionally
  • 60% of IT leaders believe that they will suffer an accidental insider breach in the next 12 months, and 46% believe they will suffer a malicious insider breach

These stats highlight a fundamental gulf between CIOs/IT leaders and employees that creates a major challenge for organizations attempting to stem the growing tide of insider breach incidents. With internal actors unaware of, or unwilling to admit, their responsibility, organizations must look to technology to provide the necessary level of mitigation and reporting to protect sensitive assets.

Carelessness and a lack of awareness
While some IT leaders believe data is being leaked by employees on purpose to harm an organization (30%) or for financial gain (28%), other inside data breaches are simply caused by employee carelessness and lack of awareness. When CIOs and IT leaders were asked to name the leading causes of accidental breaches, the survey found:

  • 60% cited employee carelessness
  • 44% cited a general lack of employee awareness on data policies
  • 36% indicated a lack of training on the company's security tools

According to the survey, this is one area where CIOs/IT leaders and employees tend to agree. Of those employees who have accidentally leaked data, the survey found:

  • 48% blamed themselves for rushing and making a mistake
  • 45% accidentally sent data to the wrong person
  • 35% were unaware that information should not be shared
  • 30% blamed the high-pressure work environment
  • 29% said they leaked data by accident because they were tired

Carelessness and a lack of awareness on data policies is a toxic mix that can lead to data breaches, but it's important to note that employees placed more fault with the corporate environment overall as a leading cause of breaches.

Confusion over data ownership and ethics
One of the most fascinating aspects of the Insider Data Breach survey is the confusion that employees have when it comes to data ownership, which contributes to "why" employees would intentionally share or leak data. According to the survey:

  • 60% of employees do not recognize that the organization is the exclusive owner of company data
  • 29% of employees stated they believe the data they work on belongs to them alone -- not the organization

So, what can be done to solve this problem?
The survey shows that insider data breaches are frequent and concerning occurrences -- and that, clearly, traditional approaches to tackling this threat aren't working. Employees' autonomy makes it difficult for IT leaders to anticipate their behavior -- whether that's someone acting maliciously to harm the company, trying to cover up or play down an error, or taking shortcuts to get their job done.

Moving forward, IT leaders need to rely on technology to fill this gap in compliance. Advances in machine learning and big data analytics make it possible to define 'good' behavior for subsets and individual employees -- and then alert them when they're about to make a mistake or even block potentially malicious actions. On top of this, organizations should expect comprehensive reporting from any of their security tools so they can prove compliance with the raft of legislation they could be regulated by (including HIPAA, GDPR, and the NYDFS Cybersecurity Regulation).

People are the lifeblood of almost every organization -- and technology now needs to step in so we can say they're no longer also one of its biggest threats.

At Egress, Mark Bower is the General Manager for North America, responsible for strategic growth and customer success across the region. Prior to Egress, Mark led product and business strategy for Voltage Security, acquired by Hewlett Packard in 2015 and a pioneer in new data encryption technology methods that are now NIST standards in modern data-centric security for cloud, mobility and IoT applications.
