According to a new report from cloud security software vendor Bitglass, insider data breaches have increased over the course of the past year. While malicious attacks are on the rise, the majority of insider data breaches are due to carelessness by employees.
For the report, Bitglass surveyed 500 IT professionals and asked questions on insider threats to data security. 56% reported that insider leaks had increased in the past year and one in three organizations said they had experienced an insider attack in the past 12 months.
Many organizations feel they have much greater control over who accesses data when data systems are managed in house. However, many companies now use a host of cloud services. This has left many feeling vulnerable to attack. Three out of four organizations surveyed said they feel data stored in the cloud is vulnerable to attack.
Part of the reason for feelings of vulnerability is the lack of training given to staff. 62% of organizations feel that data is at risk as a result of poorly trained staff or a lack of staff training. 57% of organizations felt data security measures used to keep data protected in the cloud were insufficient. The same percentage of users felt that insider data breach risks could be effectively managed with staff training. Just over half of respondents thought that identity management solutions could be effective at managing insider data breach risks.
When asked about the biggest security risks, 60% believe privileged users pose the greatest risk to data security. When it came to breaches of sensitive data, 71% of respondents reported accidental data leaks as the biggest threat. 68% said negligence and 61% said malicious users were the biggest threat.
Many organizations focus on protecting data and networks from external attacks, yet the risk of insider data breaches is largely ignored. Many organizations are failing to employ effective controls to limit access to data.
Employees are able to access corporate data from any device, including mobiles even though the devices have poor security protections. The devices are also easily lost or stolen, which could potentially expose a wide range of sensitive data. More than half of respondents said the increase in use of mobile devices has increased the risk of data breaches.
While 56% of respondents said they use some form of data analytics, only 15% said they use user behavior analytics, which makes it difficult to quickly identify data breaches when they occur. Even so, according to the study, data breaches are now being identified much more rapidly. 64% of respondents said they were able to identify data breaches within a week. Last year, only 42% of organizations were able to identify a data breach within 7 days.