Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Intentional Malicious Insider Breaches Increased Between 2019 and 2020

The concern about intentional data breaches has increased year-on-year, with 75% of IT leaders believing that employees have put data at risk intentionally.

According to research by Egress of 528 CSOs and IT leaders, 97% of respondents said “insider breach risk” is a significant concern. Of those surveyed, 78% said that employees have put data at risk accidentally, while 75% believed employees have put data at risk intentionally. This is a rise of 14% since last year’s research.

Chief marketing officer, Tim Pickard, said he was not surprised that 97% of CISOs and IT leaders would be concerned, and too many companies are relying on employees to report breaches.

Egress CEO Tony Pepper added that the “severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches.”

Of those employees that have accidentally leaked data, 41% said it was due to a phishing message, 31% said that this was due to information being sent to the wrong recipient and 29% said that they or a colleague had intentionally shared data against company policy in the last year.

Looking at the causes of an intentional breach, 32% of those polled said that this was due to employees sharing data to personal systems, while 22% blamed employees leaking data to a contractor and 21% said that employees share data directly to cyber-criminals. Also, 18% said that employees take data to a new job, with only 4% saying that they “don’t have malicious insider breaches.”

Speaking to Infosecurity at the launch of the research, Pickard said that, from a point of view of intentionally leaking data, “there is a general awareness around the potential risks that exist from employees, and it doesn’t have to be malicious to be intentional, it could be mis-guided by someone trying to get their job done and putting data at risk.

“There are a number of elements at play, as none of us see the work environment getting any easier and there will be increased pressure at work for most people,” Pickard argued. “People have access to all sorts of technologies that IT leaders would rather they did not have, and cloud is a great thing, but it makes available some powerful technologies to people for a very small amount of money.”

Speaking to Infosecurity, Panaseer CEO Nik Whitfield cited the case of Sergey Aleynikov who was charged with stealing code from Goldman Sachs and giving it to his next employer. “There are different types of insider: some help themselves while some do it maliciously – but to them it is normal behavior,” he said. “Malicious insiders are also being placed by cyber-criminals and getting jobs in companies to steal information or to do corporate espionage.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
Opinion

#HowTo Do DevOps Effectively

2
News

Two-Thirds of CISOs Struggling with Skills Shortages

3
News

Cyber-Attack Takes Down Redcar Council Services

4
News

Iranian Hackers Backdoored VPNs Via One-Day Bugs

5
News

IBM Confirms #RSAC Withdrawal Over Coronavirus Fears

6
News

US Gas Pipeline Shut After Ransomware Attack

1
News

2020 Tax Season Attacks Already Targeting Small Businesses

2
News

Air Force Gives Students a Second Crack at Cybersecurity Certification

3
News

Cyber-Flashing on UK Trains Doubles

4
Blog

The Calm After the Storm

5
News

Medical Devices Intro Major Bluekeep Risk to Hospitals

6
News

US Gas Pipeline Shut After Ransomware Attack

1
Webinar

AI in Security: Keeping Up with the Trend

2
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

3
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

4
Webinar

Making a SOAR Strategy Work For You

5
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

6
Webinar

Zero Trust: A Cybersecurity Essential and the Key to Success

1
Blog

Security by Sector: Cyber-Attack Could Create Financial Crisis, Says ECB Chief

2
News Feature

Impact of Stress and Burnout Worsens for CISOs

3
Blog

Nine Steps to Cybersecurity

4
Opinion

Are You Prepared to Battle Account Takeover Fraud?

5
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

6
Interview

Interview: Rob Norris, VP Head of Digital Technology Services and Enterprise Cyber Security, Fujitsu