94% Of Organisations Have Suffered Insider Data Breaches

BACKGROUND:

New research has revealed that 94% of organisations have experienced insider data breaches in the last year. Additionally,

  • Human error was the top cause of serious incidents, according to 84% of IT leaders surveyed;
  • Almost three-quarters (74%) of organisations have been breached because of employees breaking security rules;
  • 73% have been the victim of phishing attacks.

Experts Comments

July 14, 2021
Amit Sharma
Security Engineer
Synopsys Software Integrity Group

Insider threats are a significant potential issue faced by organisations around the globe and include threats stemming from malicious intent, human error, and falling victim to phishing scams. Many insider threats are born out of negligence rather than malicious intent. The human factor plays an important role by which unaware employees make for a good phishing attack target. There may also be instances involving accidental deletion of data without proper backups, incorrect access/privileges being granted regarding sensitive data, purposely pushing vulnerable code to production due to time/demand pressure, etc.

There have also been instances where disgruntled or former employees have intentionally leaked sensitive data for financial gain, with the aim of tarnishing the brand, or for competitive advantage. To manage such scenarios, policies should be enacted to minimise the impact and successes of insider threats. First and foremost, this involves managing privileges and permissions. The policy of least privilege should allow an employee/contractor only enough access to data to complete their job role. Regular monitoring should also be put in place to identify any potentially risky behaviour.

Employee security awareness training, phishing training campaigns, and password and data protection management policies are additional practices that will strengthen your organisation's security posture. Keeping employees apprised of their data security obligations on a regular basis will keep security risk top of mind. Employees, contractors, partners, etc. should have the tools and information on hand to stay vigilant. And the 'what if' must also be accounted for. What if an insider attack does take place? Does your organisation have an incident response plan that accounts for such scenarios? Be prepared for the worst so that you can act quickly and effectively in order to disclose the event and minimise its impact to your business and customers.
