Seven in 10 Breaches Are Caused by Insiders, New Study Shows

Accidental internal breaches pose a growing security risk, with over 70% of companies suffering this type of breach during the last five years, according to a new study.

Some 46% of staffers leading cybersecurity at their organizations rank accidental employee breaches among their top three concerns, behind external hacks (55%) and malware (53%), according to a survey of 500 IT security decision makers by Egress.

While malicious and unwary insiders don’t top the list of threats, it turns out that seven out of 10 breaches suffered by those surveyed stemmed from an insider messing up accidentally, or intentionally. The insider threat phenomenon is also trending. Half of reported cybersecurity incidents caused by an insider occurred only in the past 12 months, respondents said.

This trend, coupled with new data protection laws like the General Data Protection Regulation (GDPR) and the pending California Consumer Privacy Act (CCPA), apparently are still not enough to wake businesses up to reality. Egress found that only 39.6% of organizations are educating staff on how to improve security when sharing data. This finding is worrying, as the human factor is the enabler in almost every successful cyber-attack reported in the media.

Email is the most common entry point

Like many studies before it, the research found that both corporate and personal email are the leading applications for accidental data leaks. These are followed by file sharing services, collaboration tools, and SMS instant messaging.

It’s not uncommon for employees to share unencrypted sensitive data outside of the organization, increasing the likelihood of a breach, the surveyors also found. Internal data sharing has become a worrying blind spot as well, with 65% of respondents revealing that their organization does not use encryption when sharing data internally.

Compliance with new data protection legislation

On a slightly more positive note, 93% of organizations are keen to become compliant with regulations like the GDPR and the CCPA, with the majority of respondents saying they’ve made a priority out of improving the use of existing security technologies (58.8%), their data handling practices (55.8%), and investing in new security technologies (55.2%). Staff education (39.6%) and hiring new security personnel (29.2%) are, unfortunately, much lower on the to-do list, despite clear evidence that improving these aspects helps create a robust cybersecurity posture.

In a study conducted by Bitdefender earlier this year, 38% of IT decision makers agreed that the best way to defend against advanced attacks is to provide adequate training and support. The research found that organizations placing more emphasis on training are better at detecting attacks quickly, and more efficient at isolating them.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Filip Truta. Read the original post at: