According to Egress' Insider Data Breach Survey 2021 report, an alarming 94% of organisations experienced an insider data breach in the last 12 months. The survey was conducted with 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal. Key highlights include:
- Human error is the leading cause of serious insider data breaches, with 84% of organisations experiencing a security incident caused by a mistake
- However, malicious insiders are IT leaders’ biggest worry, with 28% indicating that it’s their top concern
- 74% of organisations have been breached because of employees breaking security rules, and 73% have suffered serious breaches caused by phishing
Amit Sharma, Security Engineer at Synopsys Software Integrity Group, stated: “Insider threats are a significant potential issue faced by organisations around the globe and include threats stemming from malicious intent, human error, and falling victim to phishing scams. Many insider threats are born out of negligence rather than malicious intent. The human factor plays an important role, as unaware employees make for a good phishing attack target. There may also be instances involving accidental deletion of data without proper backups, incorrect access or privileges being granted to sensitive data, purposely pushing vulnerable code to production due to time/demand pressure, etc. There have also been instances where disgruntled or former employees have intentionally leaked sensitive data for financial gain, with the aim of tarnishing the brand, or for competitive advantage.
To manage such scenarios, policies should be enacted to minimise the impact and successes of insider threats. First and foremost, this involves managing privileges and permissions. The policy of least privilege should allow an employee or contractor only enough access to data to complete their job role. Regular monitoring should also be put in place to identify any potentially risky behaviour. Employee security awareness training, phishing training campaigns, and password and data protection management policies are additional practices that will strengthen your organisation's security posture. Keeping employees apprised of their data security obligations on a regular basis will keep security risk top of mind. Employees, contractors, partners, etc. should have the tools and information on hand to stay vigilant.
And the ‘what if’ must also be accounted for. What if an insider attack does take place? Does your organisation have an incident response plan that accounts for such scenarios? Be prepared for the worst so that you can act quickly and effectively in order to disclose the event and minimise its impact on your business and customers.”
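The two controls the quote leans on, least-privilege access and regular monitoring for risky behaviour, are easier to reason about when they are turned into checks that run over real audit data. The script below is an added illustration, not code from Egress, Synopsys or the survey: it assumes a hypothetical role-to-resource entitlement map and a constructed CSV audit log (timestamp, user, action, resource, bytes), and flags three patterns the article describes, access outside a user's role, unusually large daily downloads, and downloads or deletes outside business hours. Thresholds and the entitlement map are illustrative assumptions and would come from your own policy.

```python
"""Insider-threat checks over a constructed audit log (added example, not from the article)."""
from collections import defaultdict
from datetime import datetime

# Assumed least-privilege policy: which resources each role may touch.
# Constructed for this example; not taken from the survey or from Synopsys.
ROLE_ALLOWED = {
    "finance": {"ledger", "payroll"},
    "legal": {"contracts"},
    "engineering": {"source", "ci"},
}
USER_ROLE = {"alice": "finance", "bob": "legal", "carol": "engineering"}

# Constructed audit log lines: timestamp,user,action,resource,bytes
SAMPLE_LOG = """\
2021-06-01T09:12:00,alice,read,ledger,2048
2021-06-01T09:20:00,alice,read,payroll,4096
2021-06-01T10:05:00,bob,read,contracts,1024
2021-06-01T10:09:00,bob,read,payroll,512
2021-06-01T23:40:00,carol,download,source,52428800
2021-06-01T23:45:00,carol,download,source,73400320
2021-06-02T14:02:00,carol,delete,ci,0
"""

BUSINESS_HOURS = range(8, 19)          # 08:00-18:59 counts as in-hours (assumption)
BULK_THRESHOLD = 100 * 1024 * 1024     # 100 MiB moved by one user in one day (assumption)
RISKY_ACTIONS = {"download", "delete"}


def parse_events(text):
    """Parse CSV audit lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, user, action, resource, nbytes = parts
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "resource": resource,
            "bytes": int(nbytes),
        })
    return events


def least_privilege_violations(events):
    """Accesses to a resource the user's role is not entitled to.
    A user with no known role gets an empty allow-set, so they are flagged too."""
    findings = []
    for e in events:
        allowed = ROLE_ALLOWED.get(USER_ROLE.get(e["user"]), set())
        if e["resource"] not in allowed:
            findings.append((e["user"], e["resource"]))
    return findings


def bulk_transfers(events, threshold=BULK_THRESHOLD):
    """Users whose downloaded bytes within one calendar day exceed the threshold."""
    totals = defaultdict(int)
    for e in events:
        if e["action"] == "download":
            totals[(e["user"], e["ts"].date())] += e["bytes"]
    return sorted((user, day.isoformat(), total)
                  for (user, day), total in totals.items() if total > threshold)


def off_hours_risky_actions(events, hours=BUSINESS_HOURS):
    """Downloads or deletes that happen outside business hours."""
    return [(e["user"], e["action"], e["ts"].isoformat())
            for e in events
            if e["action"] in RISKY_ACTIONS and e["ts"].hour not in hours]


def run_checks(text):
    """Run all three checks over raw log text and return findings by check name."""
    events = parse_events(text)
    return {
        "least_privilege": least_privilege_violations(events),
        "bulk_transfer": bulk_transfers(events),
        "off_hours": off_hours_risky_actions(events),
    }


if __name__ == "__main__":
    for name, findings in run_checks(SAMPLE_LOG).items():
        print(f"{name}: {findings}")
```

Each finding is a starting point for triage, not a verdict: bob reading payroll may be a mis-granted entitlement (the "incorrect access/privileges" case), while carol's late-night 120 MiB of source downloads is the kind of pattern that deserves a look before it becomes the "what if" scenario the quote asks you to plan for. In production the entitlement map would be generated from your IdP or IAM policy rather than hard-coded, and the thresholds tuned against a per-user baseline.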