• 37% of companies expect incident data breach 1 year and 67% believe a breach to occur within 2 years
• 72% of security professionals say the board should be more concerned with internal treat than external threat
o 40% indicate increase trend in internal breach, 43% indicate it will stay the same and 17% say it will decrease
• 92% of the organizations have experienced a data breach within the last 12 months
o Source of these breach from 40% employees, 22% third-parties, 12% ex-employees and 26% outside the organization (or unknown parities)
o Internal breach associated with: 67% reputational damage, 62% financial penalties, 42% reduced employee morale
• 37% of employees believe individuals have access that they should not have – and types of data employees have access to:
o 69% Customer – contract data, purchase history
o 57% Financial – shareholder information, accounts
o 56% Product/Services – patent, technical specifications
o 56% Employee – salary, medical records
o 46% Supply chain – pricing
o 44% Transactional – payment, card numbers
• 29% of critical data is perceived as at risk for internal breach
• 37% say it is difficult to identify the source of an internal breach while only 16% say they can identify unusual network activity
• 58% does not know what a security breach would be
• 50% admitted disregarding company data protection policies
• 75% of employees believe they do not get enough information about security policies
So, is perception reality?
Source of insider threat:
• 55% personal devices with access and/or with virus and malware
• 49% portable storage device / USB
• 47% users not abiding by data protection protocol / policy
• 40% use on non-authorized applications
• 38% email links
• 31% sharing of credentials
• 18% lost of device with sensitive information
• 24% ex-employees or old supplies / customers with access
• 12% post / sharing on social media
Reasons for increased internal threats:
• 52% increase in cloud applications / usage
• 48% lack of awareness / understanding
• 48% Lack of communication between IT and employees and/ or lack of clear security policy
• 37% increased virus / malware
• 31% increased personal devices
• 26% increase use of contractors / temporary employees
Ways to minimize insider threats:
• 72% education in safeguarding sensitive data
• 57% clearly identify precaution and understanding of ramifications
• 50% tools for Data Loss Prevention
• 45% proper access management or increased levels of access
• 41% updating acceptable us policies regularly
• 39% impose penalty for disclosure
• 35% limit user workstation / devices
Clearswift Insider Threat Survey of 500 IT decision makers and 400 employees in US, UK, Australia and Germany by Loudhouse/Clearswift
In fact, be aware of your surroundings. If you’ve brought your personal laptop, use a security cable to anchor your laptop to a heavy or immovable object. Never leave your laptop, personal belongings, or any sensitive information unattended for any amount of time. Also, use virtual data room while secure data sharing. Vdr, as for me, the most reliable service nowadays. If you want to find some more useful info, you can use that site - virtual data room reviews.
ReplyDeleteGood suggestion. Cloud-based repository and collaboration mediums are excellent ways to shift threats elsewhere but also provide sharing capabilities and convenience that standalone cannot offer. That said, looking into data encryption rest (where necessary), data instance/secure configuration and rentension (backup/recovery) is essential.
ReplyDelete