Data Loss Prevention

Is deliberate exfiltration or human error the bigger outbound threat?

by Egress
Published on 4th Aug 2022

Outbound threats cause a continuous headache for IT professionals. There’s so much variety in type and risk level, and prioritizing what to be most concerned about is a challenge. Plus, risks have ramped up in recent years due to the rise in home working, flexible working, and BYOD, making the landscape more complex. It’s easy to be concerned about whether you have the right tools in place to deal with the multitude of cybersecurity risks out there.

Deliberate exfiltration by malicious actors sounds like an incredibly dangerous issue, but the problems caused by simple human error can be equally catastrophic, and must not be overlooked.

In our latest report, “Cybersecurity experts’ views on email within Microsoft 365”, Lisa Forte (Co-founder, Red Goat Cyber Security LLP), Robin Bell (CISO, Egress Software Technologies), and Jack Chapman (VP of Threat Intelligence, Egress Software Technologies) compare the two risk to determine which threat is bigger – and why.

Visibility is lacking

“Based on the data, human error is the bigger outbound threat by far,” says Jack Chapman. “However, this will vary per organization, based on IP value, data segmentation, and other factors. One of the issues with answering this question for most security teams, however, is that they don’t have visibility of what is actually occurring.”

Visibility has been affected by remote working, where training can get overlooked and problems can slip through the cracks – partly attributed to a lack of full visibility over the technology employees are using when working from home.

Plus, according to Gartner, non-IT executives often see cybersecurity as something that is ‘just there’, and don’t consider it as a part of ongoing business decisions. This makes it a bigger problem for the entire organization. 

Protecting commercially sensitive data matters

“Human error will always be the biggest threat,” says Forte. “Every single one of us makes mistakes on a daily basis. Inevitably, that transfers to security and data risk too. It isn’t just regulated or personal data we need to be mindful of either. Commercially sensitive data being accidentally sent to the wrong person can be catastrophic for a business. Deliberate exfiltration is on the rise, but not everyone has a malicious agenda. However, everyone does make mistakes.”

Yes, malicious attacks are still a concern, but it’s clear that simple internal mistakes caused by people with no agenda are the primary issue here. There are so many ways to make cybersecurity mistakes within a business, meaning that making cybersecurity part of a business’s core DNA can cut right down on these issues and increase visibility of threats across the board.

Human error happens every day

While cybersecurity awareness is at an all-time high and new security measures are being implemented regularly, 82% of all data breaches involve the human element. This includes falling for a phishing attack, the use of unauthorized credentials, and general mistakes (which account for 13% of breaches).

“Human error is still the main issue,” Bell confirms. “The vast majority of people abide by rules and laws and want to do right by their company and colleagues. But it’s too easy to make a mistake and accidentally send a sensitive email to the wrong person.” 

So, our experts have unanimously confirmed it: human error remains a bigger risk than deliberate exfiltration and many outbound email threats regularly slip through Microsoft 365’s native security features. This is why it’s so important to have the tools and software in place to protect your business while ensuring cybersecurity is a top priority flowing through every part of what you do. 

Download the full report to read more of our experts’ insights into cybersecurity and the biggest risks we’re facing today.