Clearswift Insider Threat Index 2018
- Organisations report that 38% of IT security incidents occur as a direct result of their employees actions, and 75% originate from their extended enterprise (employees, customers, suppliers)
- Ex-employees are responsible for 13% of cyber security incidents
New research by data security company, Clearswift, has shown that year on year cyber security incidents from those within the organisation, as a percentage of all incidents, have fallen in the UK and Germany, two countries currently now under the ruling of GDPR. However, in the United States, a country outside of the direct jurisdiction, threats are on the rise.
The research surveyed 400 senior IT decision makers in organisations of more than 1,000 employees across the UK, Germany, and the US. The data has revealed that when looking at the true insider threat, which takes into account inadvertent and malicious threats from the extended enterprise – employees, customers, suppliers, and ex-employees – this number sits at 65% in the UK, down from 73% in 2017. Similarly, senior IT decision makers in Germany also saw a drop to 75%, down from 80% the previous year. US respondents actually saw a rise in the insider threat up to 80%, a number rising from 72% in 2017.
Direct threats from an employee within the business – inadvertent or malicious – now make up 38%, of incidents. This has halted the rising threat evident in 2017 and 2015 showing 42% and 39% respectively. Threats from ex-employees account for 13% of all cyber security incidents, highlighting a clear need for better processes when employees part ways.
“Although there’s a slight decrease in numbers in the EMEA region, the results once again highlight the insider threat as being the chief source of cyber security incidents. Three quarters of incidents are still coming from within the business and its extended enterprise, far greater than the threat from external hackers. Businesses need to shift the focus inwards”, said Dr Guy Bunker, SVP Products at Clearswift.
“I think at the very least what GDPR has done is ensure firms have a better view of where critical data sits within their business and highlighted to employees that data security is an issue that is now of critical importance, which may be why we’ve seen a drop in the insider threat across EU countries. If a firm understands where the critical information within the business is held and how it is flowing in and out of the network, then it is best placed to manage and protect it from the multitude of threat vectors we’re seeing today.”
Although internal threats pose the biggest threat to most organisations, employers believe that the majority (62%) of incidents are accidental or inadvertent rather than deliberate in intent; a number that is slightly down on 2017 (65%).
The insider threat was slightly less for companies with over 3,000 employees (36%), as opposed to those with between 1,000 – 3,000 employees. This is a possible indication of more robust internal processes and checkpoints at larger businesses.
Bunker added, “Organisations need to have a process for tracking the flow of information in the business and have a clear view on who is accessing it and when. Businesses need to also ensure that employees ‘buy into’ the idea that data security is now a critical issue for the business. Educating them on the value of data, on different forms of data, what is shareable and what’s not, is crucial to a successful cyber security strategy.
“Having said that, mistakes can still happen and technology can act as both the first and last line of defence. In particular,Adaptive Data Loss Prevention solutions can automatically remove sensitive data and malicious content as it passes through a company network.”