Why do people cause data breaches?

Thought Leadership

Data has become one of the world’s most valuable assets – so, unsurprisingly, protecting it from a multitude of risks remains a continual challenge.

Over the last five years, headline-grabbing incidents have demonstrated the potential implications of a data breach – from damaged business reputation, to loss of revenue and even company devaluation. According to the 2018 Cost of a Data Breach survey conducted by the Ponemon Institute, on average data breaches cost a company $3.86m, up 6.4% from 2017.

Many of the incidents sensationalised by the media are cyberattacks. So much so, in fact, that organisations that have suffered a non-criminal data breach frequently use media statements as vehicles to reassure service users that information hasn’t been accessed by hackers.

Of course, protecting data from cyberattacks remains key – but equally harmful is the risk that internal employees also pose to sensitive data.

As the impacts of data breaches increase, so do the opportunities for employees to leak sensitive data – either accidentally or maliciously. IDC estimates a 300% increase in unstructured data (emails and files) by 2020, as organisations adopt new digitised working practices. As a result, employees are sharing more information digitally, including emails and multimedia content, such as audio and video files – creating a great surface area for risk and, ultimately, data breaches to occur.

How much of a problem are insider data breaches?

Our recently launched Insider Data Breach survey shows just how prolific insider data breaches are. 79% of IT leaders (CISOs, CIOs, IT Directors, etc) believe employees have put sensitive company data at risk accidentally in the last 12 months, and 60% believe it’ll happen again within the next year. Meanwhile, 61% of IT leaders believe employees have put sensitive company data at risk maliciously, and 46% believe it’ll happen again in the next 12 months.

Insider data breaches can take many different forms – from employees sharing spreadsheets via email with the wrong recipients or forgetting to use Bcc when sending a mass email, to taking customer lists and IP to new jobs, and posting data on the internet as a malicious act to harm the organisation.

What’s behind insider data breaches?

To mitigate a security threat, organisations need to understand as much as possible about it. The problem: Cybersecurity threats involving people are difficult to predict and can change over time.

Focusing on insider data breaches, it can be difficult to know when a person might be about to leak data accidentally. In fact, our research shows that IT leaders believe the top three causes of insider data breaches are employees rushing and making mistakes (60%), lack of awareness (44%), and lack of training for security tools (36%).

Yet when we asked employees about the times they’ve put sensitive company data at risk, the results showed a stark disconnect with what IT leaders report is happening in their organisations – and provide another area for concern: Do people know when they’ve caused a data breach and, if so, are they willing to admit to it?

People’s morality and motivation also impact the way they handle company data, with employees calling into question who owns company data anyway?

Is it possible to mitigate insider data breaches?

As an IT leader, it’s incredibly difficult to predict which day of the week a colleague might be in a rush, whether they really know when to use security tools (and are also actually willing to do so!), or if they want to gain financially from selling corporate data.

This is where IT leaders need to turn to technology to quantify risk and ensure that data is protected in line with policy (without a person interpreting how relevant or convenient a policy might be!).

Machine learning can be used to analyse the level of risk when employees interact with data. For example, when an employee goes to send an email, this technology can analyse factors such as the email recipients to understand any prior interactions with the sender and whether this interaction is within those limits for ‘normal’ behaviour, and whether the email content / attachments are sensitive and therefore at risk from being include in this email thread. The technology can then ensure the sender uses the right level of email encryption to protect sensitive information or prevent them from sending the email entirely. 

Given how frequently IT leaders acknowledge insider data breaches occur, it’s crucial they take a proactive approach to mitigating thus risk – including implementing the technologies that will help them achieve this.

You might also be interested in ...