Insider data breaches are a bigger problem than many CISOs admit to – simply because it’s traditionally been difficult to fully investigate and effectively prevent these incidents from happening.
In today’s connected world, there is a large surface area across which employees can cause data breaches. In many organisations almost every employee has access to email – a tool designed to make communication and data sharing easy. They can reach their corporate mailbox at work, on the move and at home, from laptops and mobile devices. Consequently, the risk that an employee will accidentally or intentionally leak data is significant. Common scenarios include:
- Misdirecting emails by adding one or more incorrect recipients
- Attaching the wrong file to an email with the correct recipients
- Sharing company data to personal systems in order to work on it at home
- Falling victim to a spear-phishing or business email compromise (BEC) attack
- Taking company data to a new job
- Intentionally exfiltrating data to harm the organisation or for financial benefit
The list could go on. People, driven by behaviours that are difficult for security teams to predict and protect against, can cause insider data breaches in many ways and for many reasons.
The data bears this out. Survey research shows that 95 per cent of CISOs are worried about the insider threat, and 70 per cent have admitted that employees have accidentally leaked data at their organisation, with corporate email responsible for at least 44 per cent of those incidents.
This established problem persists not because CISOs and their security teams are unwilling to address it, but because it has been difficult to do so with the static technologies that, until recently, formed the main defence against this type of risk. When your email gateway doesn’t catch an inbound spear-phishing message, or autocomplete suggests the wrong recipient, your busy, tired and otherwise unpredictable employees become the last line of defence. Static technologies are not designed to adapt to their behaviour: an email is either encrypted or unencrypted, a recipient is either on the message or not, and the rule fires the same way regardless of who is sending what to whom. Static technology cannot provide the dynamic safety net needed to stop most human-led security breaches before they happen.
How can you stop human-led data breaches at your organisation?
The first step is establishing that this is a problem at your organisation – including a comprehensive, evidence-based analysis of the types of email data breaches that occur and how often. In our experience, the problem is usually 10 to 20 times larger than CISOs and their security teams realise. That is because the static technologies that failed to prevent a breach will also fail to detect and report it afterwards: they don’t know what they don’t know, which means you don’t know it either. And because employees are unpredictable, self-reporting or peer reporting cannot be relied on.
The next step is to turn to security technology that uses contextual machine learning to determine the actual risk of a data breach in real time, as each employee uses email: who they normally write to, from which domains, and with what kind of content. This covers both accidental breaches – a dynamic safety net that prompts individuals to correct mistakes such as a misdirected recipient before the message leaves – and intentional incidents, where sensitive content can be blocked from being shared.
Even when the correct recipients are added and the right files are attached, sensitive data still needs to be protected. Duty of care to clients and compliance obligations mean confidential information must be secured not only in transit, but also once it reaches the recipient. Transport layer security (TLS) only covers the hop between mail servers: it is typically opportunistic, can be downgraded if the receiving server does not advertise it, and leaves the message in clear text in the recipient’s mailbox. Intelligent technology that knows whether TLS is actually available and appropriate for a given recipient, and recommends message-level encryption or tighter controls where it is not, helps employees make the right decision when sharing sensitive data by email.
Finally, administrators should always be able to audit their email security. This includes seeing which employees most often need the dynamic prompts, so that education and awareness campaigns can be targeted, as well as producing detailed reports against compliance legislation such as GDPR.
By taking this human layer approach to security, CISOs and their teams are in a position to prevent human-led breaches, protect data and evidence their compliance status. Where static solutions have failed them in the past, technologies such as contextual machine learning can now make email materially safer to use.
Human behaviour remains the greatest driver of insider data breaches: not simply because people are liable to make mistakes, but because they can react emotionally or behave unpredictably, and whatever their motivation, there is no guarantee they will notify you of a breach in a timely manner – or at all.
So, is it even possible for CISOs to control this risk?
Hear Lisa Forte and Tony Pepper examine the profiles behind common insider data breaches and identify the behaviours that can be used for detection and mitigation.