According to the 2019 Data Exposure Report (DER), commissioned and published by Code42, employees are still considered to be the #1 cause of data breaches.
The survey was carried out by the independent UK-based research group Sapio Research, and included 1,028 IT security professionals and 615 business executives from companies across Europe and the United States. When questioned about whether they had experienced a breach, and what they thought was the #1 cause, both security professionals and executives cited “employee actions” as the leading cause – accounting for 50-53% of respondents. In second place was “third-party actions”, as cited by 45-47% of respondents.
The report highlights cause for concern. For example, when asked if they have ever clicked on a link which they shouldn’t have, or didn’t intend to, 78% of IT managers and 65% of business executives said they had. Don’t get me wrong, we all have moments of weakness, but IT managers typically have the most access privileges, and a simple mistake like clicking on a malicious link could potentially bring the whole system to its knees. Not only that, but if IT managers are failing to uphold strong security principles, how can we assume that regular employees will?
Executives were also asked about which cloud platforms they use for file-sharing and collaboration. Microsoft OneDrive was the most popular, used by 43% of respondents, followed by Google Drive (41%), Dropbox (33%), Slack (13%), iCloud (38%), and WhatsApp (37%). While there are many benefits of using cloud platforms, they open up a number of security risks. Without the right technologies, security teams will struggle to gain the visibility they need to adequately protect their data.
Roughly 60% of respondents admitted to bringing data from their previous job to their current job, and 38% believe that their colleagues had done the same. However, of those who admitted to bringing data from their previous job, 71% believed that the data belonged to them. Regardless of whether they were, or were not, the rightful owner of the data, the data was essentially leaked, and the previous employer probably had no idea about it.
The above report highlights the importance of monitoring user behavior. It is paramount that security teams have a clear view of who is accessing what data, and when. They need to monitor privileged account access and know exactly what files and folders have been created, accessed, modified, copied and deleted. Given that more and more businesses are shifting their data and processing operations to the cloud, they will need an auditing solution that can aggregate event logs from multiple service providers and present a summary of events via a centralized dashboard. Anomalous events should be reported to the security team in real time. Given that employees are likely to take data with them when they leave the company, security teams will need to ensure that they know when data is copied to an external storage location, or sent to an email address that is not consistent with the company’s security policy. Likewise, security teams will need a way to automatically detect and manage inactive user accounts, to prevent an ex-employee gaining access to the network after they leave the company.
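The three checks named above (copies to external storage, mail sent outside policy, and inactive accounts), sketched as an added example that is not part of the original article or of any vendor's product. The event fields, allowed mail domain, external-storage prefixes and 90-day threshold are assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

ALLOWED_MAIL_DOMAINS = {"example.com"}   # assumption: the company's own mail domain
EXTERNAL_PREFIXES = ("usb://", "https://personal-drive.example.net/")  # assumption
INACTIVE_AFTER = timedelta(days=90)      # assumption: policy threshold

# Constructed events, as if already normalized from several providers' audit logs.
EVENTS = [
    {"ts": "2019-06-03T09:12:00", "source": "fileserver", "user": "alice",
     "action": "file_copied", "target": "usb://E:/clients.xlsx"},
    {"ts": "2019-06-03T09:15:00", "source": "mail", "user": "bob",
     "action": "mail_sent", "target": "bob@example.com"},
    {"ts": "2019-06-04T17:40:00", "source": "mail", "user": "alice",
     "action": "mail_sent", "target": "alice.private@mail.example.org"},
    {"ts": "2019-06-05T08:01:00", "source": "cloud", "user": "carol",
     "action": "file_modified", "target": "/finance/q2.xlsx"},
    {"ts": "2019-01-10T10:00:00", "source": "directory", "user": "dave",
     "action": "logon", "target": "dc01"},
]

def exfil_alerts(events):
    """Return (user, reason, target) for copies or mails that leave policy boundaries."""
    alerts = []
    for e in events:
        if e["action"] == "file_copied" and e["target"].startswith(EXTERNAL_PREFIXES):
            alerts.append((e["user"], "copy_to_external_storage", e["target"]))
        elif e["action"] == "mail_sent":
            domain = e["target"].rsplit("@", 1)[-1].lower()
            if domain not in ALLOWED_MAIL_DOMAINS:
                alerts.append((e["user"], "mail_outside_policy", e["target"]))
    return alerts

def inactive_accounts(events, accounts, now):
    """Return accounts whose most recent event is older than INACTIVE_AFTER (or absent)."""
    last_seen = {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if ts > last_seen.get(e["user"], datetime.min):
            last_seen[e["user"]] = ts
    return sorted(a for a in accounts
                  if now - last_seen.get(a, datetime.min) > INACTIVE_AFTER)

if __name__ == "__main__":
    for alert in exfil_alerts(EVENTS):
        print("ALERT", alert)
    accounts = ["alice", "bob", "carol", "dave", "erin"]  # constructed directory listing
    print("INACTIVE", inactive_accounts(EVENTS, accounts, datetime(2019, 6, 6)))
```

Accounts that never appear in the logs are treated as inactive, which also surfaces accounts that were provisioned but never used.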
All stakeholders, regardless of whether they are regular employees, contractors, or IT managers, must be subject to regular security awareness training. At the very least, the training must ensure that all stakeholders know how to identify phishing emails, and any other social engineering techniques.
Change auditing solutions like LepideAuditor enable security teams to detect, alert and respond to potential security threats, protect data and meet compliance. If you would like to see how LepideAuditor can help you monitor user interaction with your sensitive data, download its 15-Day free trial or schedule a personalized demo with one of our engineers today.