The concern about intentional data breaches has increased year-on-year, with 75% of IT leaders believing that employees have put data at risk intentionally.
According to research by Egress of 528 CSOs and IT leaders, 97% of respondents said “insider breach risk” is a significant concern. Of those surveyed, 78% said that employees have put data at risk accidentally, while 75% believed employees have put data at risk intentionally. This is a rise of 14% since last year’s research.
Chief marketing officer, Tim Pickard, said he was not surprised that 97% of CISOs and IT leaders would be concerned, and too many companies are relying on employees to report breaches.
Egress CEO Tony Pepper added that the “severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches.”
Of those employees that have accidentally leaked data, 41% said it was due to a phishing message, 31% said that this was due to information being sent to the wrong recipient and 29% said that they or a colleague had intentionally shared data against company policy in the last year.
Looking at the causes of an intentional breach, 32% of those polled said that this was due to employees sharing data to personal systems, while 22% blamed employees leaking data to a contractor and 21% said that employees share data directly to cyber-criminals. Also, 18% said that employees take data to a new job, with only 4% saying that they “don’t have malicious insider breaches.”
Speaking to Infosecurity at the launch of the research, Pickard said that, from a point of view of intentionally leaking data, “there is a general awareness around the potential risks that exist from employees, and it doesn’t have to be malicious to be intentional, it could be mis-guided by someone trying to get their job done and putting data at risk.
“There are a number of elements at play, as none of us see the work environment getting any easier and there will be increased pressure at work for most people,” Pickard argued. “People have access to all sorts of technologies that IT leaders would rather they did not have, and cloud is a great thing, but it makes available some powerful technologies to people for a very small amount of money.”
Speaking to Infosecurity, Panaseer CEO Nik Whitfield cited the case of Sergey Aleynikov who was charged with stealing code from Goldman Sachs and giving it to his next employer. “There are different types of insider: some help themselves while some do it maliciously – but to them it is normal behavior,” he said. “Malicious insiders are also being placed by cyber-criminals and getting jobs in companies to steal information or to do corporate espionage.”