EXPERT
OPINION
In contrast, 44% of clerical staff have
misdirected an email, while only 20%
of directors admitted to making this
mistake. Another aspect affecting insider
risk is employees’ attitudes to data
ownership. Our research found only 41%
Gaining a better
understanding of
insider breach risk
means executives
must recognise how
it has evolved.
found 27% said they or a colleague had
accidentally leaked data in the past year
and 29% had deliberately breached
company policy when sharing data.
The effect of the mobile, alwayson
culture was reflected in reasons
employees gave for accidental data
leaks. A total of 23% said they had
done so because they were using a
mobile device and the same percentage
said they were under pressure when
they made the error. One in five cited
tiredness as the cause of their mistake.
The ever-growing risk from phishing
emails was a factor in 41% of accidental
data breaches, while 31% admitted
accidentally sending data to the wrong
person. These figures are needlessly
high given the availability of security
tools that use contextual Machine
Learning to prevent misdirected emails,
stop the wrong attachments being
attached, alert users to phishing emails
and help employees use encryption
tools correctly.
Reasons given for deliberate breaches
reflect everyday frustrations and ethical
frailty in the workforce. A quarter took a
risk and shared data against company
policy because they didn’t have the right
tools to share it safely, while 46% took
company data with them when they went
to a new job. These responses show
employees are not being supported to
share data safely and that a significant
percentage should be monitored more
closely based on breach risk.
C-level executives should also recognise
the diverse personality types that
present varying risks. Our research
showed that, on average, more senior
employees are more likely to intentionally
breach data sharing rules. A total of
78% of director-level employees said
they had done so in the past year,
compared with 10% of clerical workers.
understand that data belongs exclusively
to the business. Others felt it belonged
to departments, teams or individuals that
had worked on it. This proprietary view
explains employees’ tendency to take
data with them to new jobs or take risks
when sharing data.
Again, this points to the need to support
and manage the human layer of data
security. In a pressurised, connected
workplace, it’s not realistic to expect
that employees will get things right
every time, or that they will always act
honourably in accordance with company
policy. At Egress we understand this
and we have developed contextual
Machine Learning tools that provide a
safety net for users to prevent breaches,
protect data and ensure regulatory
compliance against the new generation
of human-activated breaches – without
compromising productivity.
Gaining a better understanding of
insider breach risk means executives
must recognise how it has evolved;
understand how employees view data
ownership and the different personalities
in the workforce that put data at risk;
and ultimately ensure IT leaders are
deploying solutions that mitigate today’s
risks, not those of the past. u
www.intelligentciso.com | Issue 24
43