Data Privacy Regulations
 

Your Own People Are Largely Responsible for Data Breaches

August 30, 2017
 
 
 
#analysis, #stats, #events
"Humans are the greatest asset of any given organisation but also the weakest link within, being predominantly unaware of their behaviour and providing ample opportunities for intruders to infiltrate."

—Comparethecloud.net, 2017

Data breach. The mere phrase conjures images of crafty cybercriminals determined to access an organization’s valuable data. However, it turns out that insider threats (in other words, employees) appear to be the leading cause of data loss within an organization.

You may not hear about these breaches as often, but insider leaks are even more prevalent than the data breaches caused by cyber attacks. Whether malicious or not, incidents involving company insiders are stacking up at an alarming rate and surpassing the other types of threats that companies face.

Why are these types of breaches so significant? For one thing, insider threats mean a business is much more vulnerable. After all, leaks that occur from within mean someone with authorized access has caused the leak, whether deliberately or accidentally.

There are three main types of insider threats that occur within an organization:

  • Malicious activity: "I quit, and I’m taking the files with me."
  • Negligence: "The email asked me to enter my password, so I did."
  • Accidents: "Oops. I didn’t mean to send that email."

Malicious Insider Threats to Data Privacy

It’s safe to assume most users don’t have bad intentions. There is no denying that unhappy, untrained, and careless employees are the cause of serious data breaches. Partners, third-party vendors, remote employees, subcontractors, and other humans create a higher risk for a company. When it comes to data privacy, adding humans always adds risk.

Organizations must consider the fact that employees have a much better understanding of the company, the ins and the outs, the systems, credentials, and the financials. This increases the risk and probability for sensitive data to be leaked by an insider. Key information such as passwords, customer data, intellectual property, financial information, and more are at risk of falling into the wrong hands.

Insider Threats Caused by Negligence or Accidents

In a 2016 study by the Ponemon Institute, 65% of the incidents reported were caused by employee or contractor negligence. In these situations, an organization's sensitive data is breached directly due to accidents or negligence. For instance, insiders may inadvertently allow malware to be installed on their computers or lose their mobile phones or laptops.

In a separate analysis of 2016 New York data breaches with a different methodology, AG Eric Schneiderman found 41% of breaches were the result of hacking and 37% of breaches were the result of employee negligence. However, it’s worth noting that Schneiderman’s analysis doesn’t not appear to to count employee employee involvement in the hack through phishing, for instance, as part of his negligence numbers.  

60% of cyber attacks involve insiders.

Take Steps to Prevent Insider Data Leaks

The actions of an insider, whether an employee or a contractor, can prompt severe company-wide consequences. This is why it is vital for companies to take the proper precautions, including training and educating employees on data breaches.

A company’s No. 1 line of defense is to ensure that all employees are properly vetted and trained. Ensure every member of the organization understands how breaches occur, how to avoid them, and how to respond to situations involving personally identifiable information (PII) or other sensitive data. The future of your company may depend on it.

Don’t Be a Victim

Data breaches are a fact of life - but 90% of them can be avoided. The imperative is that you have a proactive plan in place for preventing a potential data breach. Taking these types of precautions can save your business from catastrophic failure.

CSR Readinesss®, CSR Readiness® Pro and Legal Readiness® can help your organization prevent a data breach. Start your assesment today and mitigate your risk of a breach.

Sources:

https://www.comparethecloud.net/articles/the-weakest-link-in-the-cyber-security-battle-the-human-factor/
https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/
https://ag.ny.gov/press-release/ag-schneiderman-announces-record-number-data-breach-notices-2016
https://securityintelligence.com/media/2016-cost-data-breach-study/

 
 
Privacy Prime
  • 22 Jan 2018

    Meticulous Equifax Timeline

    Data Breach timeline for Equifax's 2017 Data Breach. One of the most significant data breaches to date.

  • 22 Jan 2018

    2017 Year End Review

    Every year breaches are becoming more prevalent and have a much higher impact then years prior. Take a look at some of the breach reports that it made it on our list.