Employees Cause Many Data Breaches

By Samuel Greengard

Over the last few years, there?sbeen a growing focus on multilayered enterprise security. Organizations areturning to a variety of tools and technologies to combat hackers, thieves andvandals.

However, a March surveyconducted by Ponemon Institute and Trend Micro found that all these investments,while essential, fail to strike at the heart of the problem. That?s because only8 percent of breaches are caused by external cyber-attacks.

Employee negligence ormaliciousness is the root cause of many data breaches, according to the report,?TheHuman Factor in Data Protection.? The top three root causes of thesebreaches are employees? loss of laptops or other mobile data-bearing devices(35 percent), third-party mishaps or errors (32 percent), and system glitches(29 percent). What?s more, nearly 70 percent of respondents believe that theirorganization?s security strategy isn?t good enough to stop a targeted attack.

Remarkably, 56 percent ofrespondents indicated that most breaches are discovered accidentally. Only 19percent said that their employees self-reported data breaches. In addition, 37percent said that an audit or assessment revealed the incident, and 36 percentreported that data protection technologies revealed the breach.

Unfortunately, the challengesare growing and becoming more prevalent ?because of the mobility of theworkforce, proliferation of mobile data-bearing devices, consumerization of ITand the use of social media in the workplace,? says Larry Ponemon, chairman andfounder of the Ponemon Institute.

Ponemon says that athree-pronged security approach is necessary. Organizations must secure theirnetworks from hackers and targeted attacks, but they also must deploy data-centricsecurity technology and boost awareness among employees.

In fact, today?s post-PCenvironment requires an entirely different security mindset. Among otherthings, it touches on governance, education, social media and mobilitypolicies, as well as security solutions that integrate threat and dataprotection capabilities within a unified framework.

Ultimately, organizations ?mustaddress how employees factor into overall data security,? concludes Jon Clay, asecurity technology analyst at Trend Micro. ?They must develop ways to identifywhen a data breach has occurred.?