This week Insurance Networking News debuted a top 12 list of common causes for security breaches according to the independent research organization Ponemon Institute, which specializes in data protection and information security policy. The study they conducted looks into the factors behind 2015 data theft incidents and what we can learn from them.
- Loss or theft of data is up sharply. Seventy-six percent of IT practitioners say their organization experienced the loss or theft of company data over the past two years. This is a significant increase from 67% of respondents who participated in the 2014 study. The leading cause is insider negligence.
- Insider negligence is the #1 internal threat. When a data breach occurs, 50% of IT respondents say negligent insiders are most likely to blame. In fact, insider negligence is more than twice as likely to be the cause as any other culprit, including external hackers, malicious employees or contractors.
- Ransomware is a growing nightmare for companies. While the vast majority of attempts to steal or gain access to valuable data are designed to be undetected, ransomware is one type of attack that loudly announces its presence. Even as these threats rise, organizations aren’t becoming more prepared, causing 78% of IT respondents to be extremely concerned about the threat of ransomware.
- Employees’ jobs require them to access more proprietary data. End users report a sharp increase since 2014 in their access to sensitive and confidential information. In this year’s study, 88% of respondents say their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, software tools or other information assets. This is an increase from 76% of respondents in 2014.
- Companies need to track employees’ access to confidential data. Sixty-two percent of end users say they have too much access to confidential corporate data. This is an improvement from 2014 when 71 percent of respondents said end users had too much access. In addition, 47 percent say such access happens very frequently or frequently.
- Progress in combating these threats is not encouraging. Only 29% of IT respondents say their companies fully enforce a strict “least privilege” model to ensure only appropriate insiders have access to company data on a need-to-know basis. The list of individuals who have access to file shares and other collaborative data stores is rarely reviewed. Twenty-four percent of IT respondents say they never review the list.
- Many organizations have no searchable records of file system activity. Some 35% of respondents say their companies do not maintain a searchable record of file system activity. Failure to audit file system activity is a significant vulnerability, especially with regard to ransomware. Without an audit trail there is no way to determine which files have been encrypted by ransomware. Among companies that do keep such records, activity records are preserved for more than a year according to 28% of respondents, for more than a week according to 21%, and for more than a month according to 16%.
- Companies are slow to detect unauthorized file access. Only 25% of respondents say their company monitors all employee and third-party file and email activity and 38% say their company does not monitor file and email activity at all. Only 24% of respondents say they are able to determine if employees are accessing information they are not authorized to see.
- End users are not deleting files, thus exacerbating vulnerability. Some 43% of respondents say they retain and store documents or files they created or worked on forever. Another 25% of respondents say they keep documents or files one year or longer.
- Moving to the cloud is happening much more slowly than expected. Crown-jewel data continues to be stored on premises, and 86% of respondents say their organizations have most of their data stored on premises. In contrast, 13% of respondents say most of their information is stored in the cloud.
- Two troubling factors account for most data theft and loss. The inescapable conclusion is that the continuing increase in data loss and theft is due in large part to two troubling factors: compromises of insider accounts, exacerbated by far wider employee and third-party access to sensitive information than is necessary; and the continued failure to monitor access and activity around email and file systems – where most confidential and sensitive data moves and lives.
- Too many companies aren’t taking security seriously enough. Every company relies on – and is entrusted to protect – valuable, confidential and private data. The most valuable data featured in most breaches is unstructured data such as emails and documents. This is the data that most organizations have the most of, and know the least about. When emails and files are surfaced publicly, they tend to cause scandal, giving the breach a lasting effect on the company’s reputation. Despite the technology available and the continued rise of data loss and theft, it is clear that most organizations are not taking the threat of major disruption to business and reputation seriously enough.
Alper has developed a cyber diagnostic to help your organization assess your risk and develop a plan before and after a breach occurs. The form takes a few minutes to complete and can paint a clearer picture of your key risk areas.