Data Loss Prevention, Insider Risk

Why Data Breaches are caused by Employee Negligence

By Veriato Team

Every company – big or small – wants to avoid a data breach.  Most efforts are placed on protecting the environment from external threat actors and cyber-criminal organizations attempting to get in.

But, according to Shred-It’s 2018 State of the Industry report, A material focus should be placed on internal employees. Those with access to critical, sensitive, protected, or otherwise valuable data pose a real threat. According to the report, of those enterprise organizations experiencing a data breach in the last year, CSOs found that 47% of the breaches were due to employee negligence, and 22% to deliberate employee theft or sabotage.

But it’s not just enterprises that should be concerned.  According to Shred-It, an equally material 71% of small business owners who experienced data were attributed them to employees (42% negligence, 29% deliberate theft or sabotage).

So, how can organizations get ahead of employee actions resulting in data breaches to either prevent a breach or minimize its affect?

Organizations should take a two-pronged approach to addressing this problem:

  1. Predict Maliciousness – there’s a reason an employee commits data theft or sabotage; they’re unhappy, they need money, the feel unappreciated at work, etc. Looking for shifts in behavior and communication via User and Entity Behavior Analytics can effectively predict using analysis of psycholinguistic indicators and communications mediums when employee’s loyalty shifts from the organization to themselves.
  2. Monitor User Activity – whether negligent or malicious in intent, employee behavior around data breaches involves the user performing some action that puts the organization at risk. Whether data is copied, printed, emailed, messaged, or shared, the user interaction with data and applications can be watched and alerted on via Employee Monitoring Software, notifying the organization of potentially threatening actions.

The Shred-It data makes it clear; employees are a material enough problem to require some oversight and scrutiny.  So, if your security strategy doesn’t include monitoring and analyzing user behavior, it may be time to consider adding efforts to the protect against the insider.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

Focusing On Productivity Helps Reduce Insider Risk

Focusing On Productivity Helps Reduce Insider Risk

Many companies are concerned by the uptick in insider risk that’s come with the work-from-home boom. By one estimate,  58% of office workers work from home at least one day a week. This trend creates blind spots for companies. Managers see their employees less often,...

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz RSAC 2023 Interview

Elizabeth Harz, CEO of Veriato, gave an interview to ISMG at this year's RSA Conference in San Francisco. In it, Elizabeth covers the challenges of maintaining data security in the remote or hybrid workforce environment and the rising cost of data breaches. She also...

A More Insightful, Proactive Approach to Employee Monitoring

A More Insightful, Proactive Approach to Employee Monitoring

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of...