"Humans are the greatest asset of any given organisation but also the weakest link within, being predominantly unaware of their behaviour and providing ample opportunities for intruders to infiltrate."
Data breach. The mere phrase conjures images of crafty cybercriminals determined to access an organization’s valuable data. However, it turns out that insider threats (in other words, employees) appear to be the leading cause of data loss within an organization.
You may not hear about these breaches as often, but insider leaks are even more prevalent than the data breaches caused by cyber attacks. Whether malicious or not, incidents involving company insiders are stacking up at an alarming rate and surpassing the other types of threats that companies face.
Why are these types of breaches so significant? For one thing, insider threats mean a business is much more vulnerable. After all, leaks that occur from within mean someone with authorized access has caused the leak, whether deliberately or accidentally.
There are three main types of insider threats that occur within an organization:
- Malicious activity: "I quit, and I’m taking the files with me."
- Negligence: "The email asked me to enter my password, so I did."
- Accidents: "Oops. I didn’t mean to send that email."
Malicious Insider Threats to Data Privacy
It’s safe to assume most users don’t have bad intentions. There is no denying that unhappy, untrained, and careless employees are the cause of serious data breaches. Partners, third-party vendors, remote employees, subcontractors, and other humans create a higher risk for a company. When it comes to data privacy, adding humans always adds risk.
Organizations must consider the fact that employees have a much better understanding of the company, the ins and the outs, the systems, credentials, and the financials. This increases the risk and probability for sensitive data to be leaked by an insider. Key information such as passwords, customer data, intellectual property, financial information, and more are at risk of falling into the wrong hands.
Insider Threats Caused by Negligence or Accidents
In a 2016 study by the Ponemon Institute, 65% of the incidents reported were caused by employee or contractor negligence. In these situations, an organization's sensitive data is breached directly due to accidents or negligence. For instance, insiders may inadvertently allow malware to be installed on their computers or lose their mobile phones or laptops.
In a separate analysis of 2016 New York data breaches with a different methodology, AG Eric Schneiderman found 41% of breaches were the result of hacking and 37% of breaches were the result of employee negligence. However, it’s worth noting that Schneiderman’s analysis doesn’t not appear to to count employee employee involvement in the hack through phishing, for instance, as part of his negligence numbers.
Take Steps to Prevent Insider Data Leaks
The actions of an insider, whether an employee or a contractor, can prompt severe company-wide consequences. This is why it is vital for companies to take the proper precautions, including training and educating employees on data breaches.
A company’s No. 1 line of defense is to ensure that all employees are properly vetted and trained. Ensure every member of the organization understands how breaches occur, how to avoid them, and how to respond to situations involving personally identifiable information (PII) or other sensitive data. The future of your company may depend on it.
Don’t Be a Victim
Data breaches are a fact of life - but 90% of them can be avoided. The imperative is that you have a proactive plan in place for preventing a potential data breach. Taking these types of precautions can save your business from catastrophic failure.