Insiders Responsible for 43% of Data Breaches

Uploaded on 2015-10-05 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental.

That’s a staggering amount of risk lingering inside organizations, especially when one considers that the report, from Intel, also revealed that security professionals have experienced an average of six significant security breaches each.
Interestingly, insider threats aren’t recognized as the gaping issue that they are. Breaches perpetrated by disgruntled employees and other forms of inside jobs come in at sixth place for most of the world in terms of security concerns, except in Asia-Pacific, where it’s No. 2. Cloud deployments, in contrast, brought with them increased anxiety of more security breaches, although there was no indication of increased risk with cloud applications.

Intel also found that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises.

The average number of breaches was highest in Asia-Pacific organizations, and lowest in UK and US enterprises. More than 10% of Asia-Pacific companies reported over 20 breaches, compared to just above 1% of North American and 4% of UK enterprises reporting more than 20 breaches.
“Most security studies and statistics focus on infiltration: how attackers are getting past security defenses and into the network,” explained Intel, in the report. “That part of the attack is more visible, compromising machines and triggering events and alarms in the security operations center. Until now, there has been very little information available on the less visible act of data exfiltration: how attackers are removing data. Whether you see it or not, data exfiltration is a real risk for most organizations.”

Consistent with previous studies, privacy and confidentiality of customer and employee data were the biggest concern, and poor security practices the biggest challenge in the face of increasingly sophisticated attacks. In practice—no surprise here—personal information from customers and employees is the No. 1 target (62%), as the value of private personal data surpasses even that of credit cards.

One quarter (25%) of data exfiltrations used file transfer or tunneling protocols, such as FTP or SCP, and 32% of data exfiltrations were encrypted. Microsoft Office documents were the most common format of stolen data (25%).
About 64% of security professionals felt data loss prevention (DLP) technology could have prevented their data exfiltration events; respondents using DLP had a strong correlation with internal teams detecting and preventing data theft.
Interestingly, the theft of physical media is still quite common, implicated in 40% of exfiltrations.

Info-Security

« Xi Jinping At Seattle Tech Summit
Cyber Peace? The U.S and China Reach an ‘Understanding’ »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

CloudLayar

CloudLayar

CloudLayar is a cloud-based website firewall for protecting your website against online threats.

Hodgson Russ

Hodgson Russ

Hodgson Russ is a US business law firm. Practice areas include Privacy, Data Breach & Cybersecurity.

ControlScan

ControlScan

ControlScan is a Managed Security Services Provider (MSSP) - our primary focus is protecting your business and securing your sensitive data.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

Code Intelligence

Code Intelligence

Code Intelligence offers a platform for automated software security testing to help developers make their software more robust and secure.

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security (NACS) - India

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

Edgio

Edgio

Edgio provides unmatched speed, security, and simplicity at the edge through globally-scaled media and applications platforms.

Eden Data

Eden Data

Eden Data is on a mission to break the outdated mold of traditional cybersecurity consulting. We handle all of your security, compliance & data privacy needs.

Ethnos Cyber

Ethnos Cyber

Ethnos Cyber is Africa’s leading cybersecurity and compliance management company. We provide Information Security, Risk Management, Cybersecurity and Compliance Management solutions to clients.