Insider Threat Is Still the Biggest Danger for Companies – Data Loss Prevention Is Not Working

Companies should pay a lot more attention to insider threats when they establish a strategy to keep their data safe. It turns out that more than half of data breaches can be attributed to employee actions and not outside forces.

Research shows a data breach inflicts an average of $3.92 million in damages, including costs such as fines, remediation and lost businesses. Companies know they need to protect themselves against data breaches, but not all threats come from the outside. As the Code42 research shows, more than half of data breaches stem from insider threats. Employees are often trusted with essential data, but that trust can be abused, accidentally or intentionally.

“Rather than sticking to company-provided file sharing and collaboration tools, one in three (31%) business decision-makers also use social media platforms, such as Twitter, Facebook or LinkedIn, 37% use WhatsApp and 43% use personal email to send files and collaborate with their colleagues,” reveals the Code42 study.

The term “employee” refers to anyone in the organization, including executives, such as CSOs and CEOs. “Over three-quarters (78%) of CSOs and 65% of CEOs admit to clicking on a link they should not have, showing that no level of employee is immune to lapses in judgment,” notes the same study.

The research also shows departing employees are a much bigger problem than companies realize. 63% of survey respondents said that they brought proprietary data from their previous job, but the trend seems to be offset from the opposite direction as incoming employees bring valuable proprietary data to their new jobs.

Prevention measures currently in use are not enough

One point that’s made painfully clear by the study is that traditional data loss prevention (DLP) security solutions are not working. Data breaches not only occur, but they are a much bigger problem than organizations presume.

· 69% of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time·

· 78% of information security leaders – including those with traditional data loss prevention (DLP) – believe prevention strategies and solutions are not enough to stop insider threat.

Code42 study is hardly the first to notice this worrying trend. Research from the Ponemon Institute identified a similar problem last year. The number of data breaches and security exploits provoked by a careless employee or contractor, a criminal or malicious insider or a credential thief had significantly grown in the previous 12 months, the research showed.

Since insider threats are not easy to detect, companies spend an average of two months trying to prevent more damage from a single incident. As the Code42 research concludes, 81% of survey respondents need a better way to protect sensitive data without slowing down innovation.