EXPERT
OPINION
a new environment where data is on
the front line and risk has increased
disproportionately. This shift means the
way we understand and manage insider
risk needs to change too. We must view
it in the context of the modern workplace
and data security landscape and ask:
are our expectations of employees’
ability to keep data safe in this
environment realistic? Are we adequately
supporting the human layer of security?
Concern: IT leaders are
viewing a new type of risk
through an old lens
Evidence from our recent Egress Global
Insider Breach Survey indicates IT
leaders are struggling to adapt how they
view and manage insider risk in this
new landscape. The research asked
500 IT leaders and 5,000 employees
about causes, frequency and impacts of
internal security breach incidents and
views about data risk and ownership. It
highlighted discrepancies between IT
leaders’ perceptions of insider breach
risk and how they are managing it.
The effect of the
mobile, alwayson
culture was
reflected in reasons
employees gave for
accidental
data leaks.
Despite this concern, when asked what
security tools they have in place to
mitigate insider breaches, just half of
IT leaders said they are using antivirus
software to combat phishing attacks,
48% are using email encryption to
protect data and 47% provide secure
collaboration tools.
IT leaders appear resigned to a degree
of inevitability when it comes to insider
breaches, acknowledging the sustained
C-level executives
should also
recognise the
diverse personality
types that present
varying risks.
A staggering 97% of IT leaders are
concerned about this risk. A total of 78%
believed employees had leaked data
accidentally in the past 12 months and
three-quarters believed they had done
so intentionally. Looking ahead, 36%
said it was likely employees would put
data at risk this year.
risk but not adopting new strategies or
technologies to mitigate them. They’re
viewing a new risk through an old
lens by continuing to focus on static
prevention strategies aimed at securing
the devices and network layers, rather
than addressing the human layer where
mistakes are actually made. Effectively,
they are adopting a risk posture in
which employees putting data at risk
is deemed acceptable. From a boardlevel
perspective, this must be cause for
serious concern.
Components: Analysing the
human layer
Employees offer considerable insight
into insider breach risk. Our research
42 Issue 24 | www.intelligentciso.com