Written By ESR News Blog Editor Thomas Ahearn
The annual 2019 Global Data Exposure Report released by leading data loss prevention (DLP) solution provider Code42 found that over two-thirds of organizations – 69 percent – said they suffered a data breach due to an insider threat and confirmed they had a DLP solution in place at the time of the intrusion.
The report – which surveyed more than 1,600 information security leaders and business decision-makers from the United States, United Kingdom, Germany, Austria, and Switzerland – found that insider threat from current and departing employees caused data breaches and that legacy DLP solutions fell short in getting the job done.
The report found some organizations had not put in appropriate detection and response data security controls and instead simply trusted employees to keep data safe. However, the study showed that employees take more risks with data than employers think, which leaves organizations open to insider threat. Key findings included:
- Nearly one-third – 31 percent – of business decision-makers used social media platforms such as Twitter, Facebook, or LinkedIn to send files and collaborate with colleagues rather than sticking to company-provided file sharing and collaboration tools.
- Over three-quarters – 78 percent – of Chief Security Officers (CSOs) and 65 percent of Chief Executive Officers (CEOs) admitted to clicking on a link they should not have, showing that no level of employee is immune to lapses in judgment.
- These risk-based actions are why half of the data breaches that companies admitted to experiencing in the previous 18 months have been caused by employees, according to 50 percent of information security leaders and 53 percent of business decision-makers.
“The brutal truth is employees take data. Companies that don’t have or underinvest in an insider threat program or rely on legacy data loss prevention solutions, are feeling the pain and winding up in headlines,” Joe Payne, Code42 president and CEO, stated in a press release about the report.
The report found nearly two-thirds – 63 percent – of survey respondents admitted to bringing data from past employers to new jobs. Employees felt entitled to personal ownership over their work as 72 percent of information security leaders felt: “It’s not just corporate data, it’s my work – and my ideas.”
While 69 percent of organizations said they suffered a data breach due to an insider threat despite having a DLP solution in place before the breach, over three-quarters – 78 percent – of information security leaders believed that prevention strategies and solutions are not enough to stop insider threat.
“Organizations are overlooking the most harmful data security threat: their own employees. While security leaders likely are aware of the problem, they may not grasp the sheer magnitude of it. And most have fallen behind in effectively detecting and responding to insider threats,” Payne stated.
Data breach concerns have increased the need for information security in background screening firms that conduct background checks. This trend was chosen by leading global background check firm Employment Screening Resources® (ESR) as one of the “ESR Top Ten Background Check Trends” for 2019.
ESR offers a complimentary white paper titled “Background Checks and Reducing the Insider Threat: Strategies Before and After Hiring” to help organizations reduce the risk of a data breach caused by insider threat from employees, former employees, contractors, or business associates.
ESR is accredited by the Professional Background Screening Association (PBSA) – formerly the National Association of Professional Background Screeners (NAPBS) – and undergoes annual SSAE 18 SOC 2® Type 2 audits to protect consumer information from insider threat. To learn more, visit www.esrcheck.com.
© 2019 Employment Screening Resources® (ESR) – Making copies of or using any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.