DLP solutions can't stop insider threats
Insider threats, caused by current and departing employees, expose companies to breaches and put corporate data at risk, but security solutions may not be effectively preventing them.
A new study from data loss solution company Code42 finds that 69 percent of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time of the breach.
In addition 78 percent of information security leaders -- including those with traditional data loss prevention (DLP) -- believe that prevention strategies and solutions are not enough to stop insider threats.
"Organizations are overlooking the most harmful data security threat: their own employees. While security leaders likely are aware of the problem, they may not grasp the sheer magnitude of it. And most have fallen behind in effectively detecting and responding to insider threats," says Joe Payne, Code42 president and CEO. "The brutal truth is employees take data. Companies that don't have or underinvest in an insider threat program or rely on legacy data loss prevention solutions, are feeling the pain and winding up in headlines. Security leaders must find a better way to protect sensitive company data and address threats coming from within their own walls."
The report also reveals employees taking more risks with data than employers think, which leaves organizations open to insider threat. Rather than sticking to company-provided file sharing and collaboration tools, for example, 31 percent of business decision makers also use social media platforms, such as Twitter, Facebook or LinkedIn, 37 percent use WhatsApp and 43 percent use personal email to send files and collaborate with their colleagues.
Over three-quarters (78 percent) of CSOs and 65 percent of CEOs admit to clicking on a link they shouldn't have, showing that no level of employee is immune to lapses in judgment.
These types of risk-based actions are why half of the data breaches that companies admit to experiencing in the previous 18 months have been caused by employees, according to both information security leaders and business decision-makers (50 percent and 53 percent respectively).
More information can be found on the Code42 site.