Monday, August 22, 2016

Survey Finds Insiders at Fault for Most Data Breaches

A new Ponemon Institute survey of 3,000 employees in the US, UK, France and Germany revealed that in most breaches of corporately-held data, negligent staff are usually the party creating the vulnerability, rather than external hackers acting independently.  Compromised employee accounts are the typical vector for these breaches, exacerbated by employees and third parties having more access to sensitive data than they need.  According to the study, while 76% of respondents said that their organization had experienced a breach over the past two years, only 29% of IT respondents said their organizations enforce a least-privilege model designed to keep information on a need-to-know basis.  A separate Ponemon study in June showed that the average cost of a data breach is now approximately $4 million, up 29% since 2013.  A third Ponemon study, the 2016 Global Visual Hacking Experiment, underscores the role of poorly-trained employees in preventing walk-around hacking in the workplace.

These findings are consistent with those reported by the Association of Corporate Counsel in December 2015 (“Survey Finds Employees the Leading Cause of Data Breaches”) and by CompTIA and the SANS Institute in April 2015 (“Single Biggest IT Security Threat Remains Employees”).  Whether insiders are more responsible for breaches than external hackers – and this has varied over the past decade (see, for example, the June 2009 Verizon study, “Growing Role of Organized Crime in Data Breaches”) – is hardly the point.  No matter what percentage of breaches are caused by employees and other insiders, these are known and well-established vulnerabilities that are amenable to remediation.  Accountability for not addressing them seems sadly to be in short supply.
