Data breaches caused by internal employees have become a common occurrence, a new report from insider risk management firm Code42 suggests.
In its latest report, Code42 says that a third (33 percent) of reported data breaches involve an insider. Most of the time, these insiders do not have malicious intent, but expose data accidentally.
Sometimes employees send sensitive data to the wrong address, sometimes they leave it open to the public. Of all the data breaches involving insiders, 78 percent are unintentional.
The best way to minimize this potential threat, Code42 says, is by having a “consistent, centralized visibility into file movements happening across environments”. The fact that 75 percent of organizations don’t have visibility of this kind suggests most firms lack the tools to monitor their file exposure.
Last year, during the pandemic, a data breach was 4.5 times more likely to happen on employee endpoints, rather than servers. Even today, trusted insiders create 13 data exposure events every day on average, by moving corporate files to untrusted locations either via email, messaging, cloud or removable media.
By exposing sensitive data to third parties, organizations are risking a lot, the report concludes, as the cost of remedying the problem reach up to 20 percent of annual revenue.
“Without visibility into the enterprise file movements, the process of making business decisions (i.e., data governance) with respect to your Insider Risk is based on mere intuition, gut and that needs to change,” said Derek Brink, VP and Research Fellow at Aberdeen.
“Valuable enterprise files are always on the move — in support of your organization’s initiatives for productivity, collaboration, digital transformation, and intelligent automation. The past three years have shown that potential data loss or exposure is more likely to succeed on endpoints than on servers and it’s getting worse.”