Data theft rises sharply, insiders to blame

A new study suggests many data breaches are caused by insider threats -- whether through malice or accident.
Written by Charlie Osborne, Contributing Writer

A new survey exploring the main causes of corporate data breaches suggests that three out of four organizations in the US have been hit with the loss or theft of sensitive data in the last two years -- and insiders are usually the ones at fault.

According to the researchers involved in the study, the rise in data breaches and information loss is often due in part to compromised employee accounts, a problem further exacerbated by staff and third parties having access to more sensitive information than they need.

In addition, the "continued failure" by businesses to properly monitor access and activity around email and file systems is to blame.

The report, "Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations," conducted by the Ponemon Institute and sponsored by Varonis, surveyed over 3,000 employees in the US, UK, France, and Germany. End users and IT staff came from industries including finance, the public sector, healthcare, retail, and technology.

In the survey, 76 percent of respondents said their organization had experienced the loss or theft of company data over the past 24 months, an increase of nine percent since 2014.

IT professionals also claimed that "insider negligence" is the most common root cause of a data breach -- and is twice as likely to cause the loss of data in comparison to external attackers, malicious employees with an axe to grind, or lax contractor security.

In total, 87 percent of respondents said their jobs require them to access and use data including customer information, contact lists, employee records, financial reports, and corporate documents, but only 29 percent of IT respondents said their organizations enforce a least-privilege model to keep access to this kind of information on a 'need to know' basis.

To make matters worse, the survey suggests over a third of businesses have no searchable record of file system activity, and only 25 percent of organizations monitor employee, email, and file activity.

Yaki Faitelson, co-founder and CEO of Varonis, commented:

"Right now we're in a technology arms race with hackers and insider threats. Unnecessarily excessive internal access combined with a lack of monitoring and auditing sets organizations up for disaster."

"These new findings, alongside the fallout from those breaches, should keep executives awake at night," Faitelson added. "What will be the straw that makes businesses focus their efforts on protecting their precious information assets?"

In June, a separate Ponemon survey found that the average cost of a data breach has now reached approximately $4 million, up 29 percent since 2013.
