CIO opinion
“
C-LEVEL
EXECUTIVES
SHOULD ALSO
RECOGNISE
THE DIVERSE
PERSONALITY
TYPES THAT
PRESENT
VARYING RISKS.
The effect of the mobile, always-on culture
was reflected in reasons employees gave for
accidental data leaks. A total of 23% said
they had done so because they were using a
mobile device and the same percentage said
they were under pressure when they made
the error. One in five cited tiredness as the
cause of their mistake. The ever-growing risk
from phishing emails was a factor in 41%
of accidental data breaches, while 31%
admitted accidentally sending data to the
wrong person. These figures are needlessly
high given the availability of security tools
that use contextual Machine Learning to
prevent misdirected emails, stop the wrong
attachments being attached, alert users to
phishing emails and help employees use
encryption tools correctly.
Reasons given for deliberate breaches
reflect everyday frustrations and ethical
frailty in the workforce. A quarter took a risk
and shared data against company policy
because they didn’t have the right tools to
share it safely, while 46% took company
data with them when they went to a new
job. These responses show employees are
not being supported to share data safely
and that a significant percentage should be
monitored more closely based on breach risk.
C-level executives should also recognise
the diverse personality types that present
varying risks. Our research showed that, on
average, more senior employees are more
likely to intentionally breach data sharing
rules. A total of 78% of director-level
48
INTELLIGENTCIO
employees said they had done so in the past
year, compared with 10% of clerical workers.
In contrast, 44% of clerical staff have
misdirected an email, while only 20% of
directors admitted to making this mistake.
Another aspect affecting insider risk is
employees’ attitudes to data ownership. Our
research found only 41% understand that
data belongs exclusively to the business.
Others felt it belonged to departments,
teams or individuals that had worked on it.
This proprietary view explains employees’
tendency to take data with them to new jobs
or take risks when sharing data.
Again, this points to the need to support
and manage the human layer of data
security. In a pressurised, connected
workplace, it’s not realistic to expect that
employees will get things right every time,
or that they will always act honourably
in accordance with company policy. At
Egress we understand this and we have
developed contextual Machine Learning
tools that provide a safety net for users to
prevent breaches, protect data and ensure
regulatory compliance against the new
generation of human-activated breaches –
without compromising productivity. Gaining
a better understanding of insider breach
risk means executives must recognise how
it has evolved; understand how employees
view data ownership and the different
personalities in the workforce that put data
at risk; and ultimately ensure IT leaders are
deploying solutions that mitigate today’s
risks, not those of the past. n
“
THE EVER-
GROWING RISK
FROM PHISHING
EMAILS WAS A
FACTOR IN 41%
OF ACCIDENTAL
DATA BREACHES.
www.intelligentcio.com