Employees Cause Many Data Breaches
By Samuel Greengard
Over the last few years, there’s been a growing focus on multilayered enterprise security. Organizations are turning to a variety of tools and technologies to combat hackers, thieves and vandals.
However, a March survey conducted by Ponemon Institute and Trend Micro found that all these investments, while essential, fail to strike at the heart of the problem. That’s because only 8 percent of breaches are caused by external cyber-attacks.
Employee negligence or maliciousness is the root cause of many data breaches, according to the report, “The Human Factor in Data Protection.” The top three root causes of these breaches are employees’ loss of laptops or other mobile data-bearing devices (35 percent), third-party mishaps or errors (32 percent), and system glitches (29 percent). What’s more, nearly 70 percent of respondents believe that their organization’s security strategy isn’t good enough to stop a targeted attack.
Remarkably, 56 percent of respondents indicated that most breaches are discovered accidentally. Only 19 percent said that their employees self-reported data breaches. In addition, 37 percent said that an audit or assessment revealed the incident, and 36 percent reported that data protection technologies revealed the breach.
Unfortunately, the challenges are growing and becoming more prevalent “because of the mobility of the workforce, proliferation of mobile data-bearing devices, consumerization of IT and the use of social media in the workplace,” says Larry Ponemon, chairman and founder of the Ponemon Institute.
Ponemon says that a three-pronged security approach is necessary. Organizations must secure their networks from hackers and targeted attacks, but they also must deploy data-centric security technology and boost awareness among employees.
In fact, today’s post-PC environment requires an entirely different security mindset. Among other things, it touches on governance, education, social media and mobility policies, as well as security solutions that integrate threat and data protection capabilities within a unified framework.
Ultimately, organizations “must address how employees factor into overall data security,” concludes Jon Clay, a security technology analyst at Trend Micro. “They must develop ways to identify when a data breach has occurred.”