Most Insider Data Breaches Aren’t Malicious

Security

The majority of insider data breaches are non-malicious, according to new research released today by American cybersecurity software company Code42 in partnership with Aberdeen Research

The report Understanding Your Insider Risk and the Value of Your Intellectual Property found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data.

A key finding of the report was that 78% of those insider data breaches involved unintentional data exposure or loss rather than any malice. Researchers observed employees repeatedly taking actions that put valuable company data at risk while fulfilling their day-to-day work responsibilities. 

The daily average of data-exposure events by trusted insiders per user was 13 and included moving corporate files to untrusted locations via email, messaging, cloud or removable media.

While such breaches are unlikely to be caused by malice, they can still have a significant financial impact on a business. The study found the cost per year of breaches from insiders can reach up to 20% of annual revenue.

Businesses are struggling to maintain data security as most of them do not have consistent, centralized visibility over their own digital environments. Researchers found that 75% of organizations lack the tools necessary to track how much enterprise file movement their organization has and to monitor how frequently valuable files are exposed by legitimate users carrying out their daily tasks.

Another key finding of the research was that in 2020 a breach was four and a half times more likely to happen on an endpoint than on a server. 

“Data stewardship has become a boardroom imperative. And while insider risk is not a new problem in security, managing it effectively in today’s open and collaborative business climate with enough resources is,” said Joe Payne, Code42’s president and CEO.

“We know that one out of three data breaches involves an insider, though it’s likely much higher. Important ideas and key IP encompass much more than just the company crown jewels. It includes the very digital and portable information like source code, customer lists and salary structures – data that when taken can leave a devastating impact on a company’s competitive position and bottom line.”

Products You May Like

Articles You May Like

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
CISA and EPA Warn of Cyber Risks to Water System Interfaces
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

Leave a Reply

Your email address will not be published. Required fields are marked *