with malicious intent have every tool they
need at their disposal.
We ask our workforce to do more, share more
and make snap judgements about data
sensitivity, appropriate protection and the
authenticity of email correspondents, all at
the relentless pace of competitive business.
This is set against a backdrop of punitive
data protection regulations. This is a new
environment where data is on the front line
and risk has increased disproportionately.
This shift means the way we understand and
manage insider risk needs to change too. We
must view it in the context of the modern
workplace and data security landscape and
ask: are our expectations of employees’
ability to keep data safe in this environment
realistic? Are we adequately supporting the
human layer of security?
“
THE EFFECT OF
THE MOBILE,
ALWAYS-ON
CULTURE WAS
REFLECTED
IN REASONS
EMPLOYEES GAVE
FOR ACCIDENTAL
DATA LEAKS.
Concern: IT leaders are viewing a
new type of risk through an old lens It highlighted discrepancies between IT
leaders’ perceptions of insider breach risk
and how they are managing it.
Evidence from our recent Egress Global
Insider Breach Survey indicates IT leaders
are struggling to adapt how they view and
manage insider risk in this new landscape.
The research asked 500 IT leaders and 5,000
employees about causes, frequency and
impacts of internal security breach incidents
and views about data risk and ownership. A staggering 97% of IT leaders are
concerned about this risk. A total of 78%
believed employees had leaked data
accidentally in the past 12 months and
three-quarters believed they had done so
intentionally. Looking ahead, 36% said it
was likely employees would put data at risk
in the coming year.
www.intelligentcio.com
Despite this concern, when asked what
security tools they have in place to mitigate
insider breaches, just half of IT leaders said
they are using antivirus software to combat
phishing attacks, 48% are using email
encryption to protect data and 47% provide
secure collaboration tools.
IT leaders appear resigned to a degree
of inevitability when it comes to insider
breaches, acknowledging the sustained
risk but not adopting new strategies or
technologies to mitigate them. They’re
viewing a new risk through an old lens by
continuing to focus on static prevention
strategies aimed at securing the devices and
network layers, rather than addressing the
human layer where mistakes are actually
made. Effectively, they are adopting a risk
posture in which employees putting data at
risk is deemed acceptable. From a board-
level perspective, this must be cause for
serious concern.
Components: Analysing the
human layer
Employees offer considerable insight into
insider breach risk. Our research found 27%
said they or a colleague had accidentally
leaked data in the past year and 29% had
deliberately breached company policy when
sharing data.
INTELLIGENTCIO
47