Insiders Responsible for 43% of Data Breaches

Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental.

That’s a staggering amount of risk lingering inside organizations, especially when one considers that the report, from Intel, also revealed that security professionals have experienced an average of six significant security breaches each.
Interestingly, insider threats aren’t recognized as the gaping issue that they are. Breaches perpetrated by disgruntled employees and other forms of inside jobs come in at sixth place for most of the world in terms of security concerns, except in Asia-Pacific, where it’s No. 2. Cloud deployments, in contrast, brought with them increased anxiety of more security breaches, although there was no indication of increased risk with cloud applications.

Intel also found that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises.

The average number of breaches was highest in Asia-Pacific organizations, and lowest in UK and US enterprises. More than 10% of Asia-Pacific companies reported over 20 breaches, compared to just above 1% of North American and 4% of UK enterprises reporting more than 20 breaches.
“Most security studies and statistics focus on infiltration: how attackers are getting past security defenses and into the network,” explained Intel, in the report. “That part of the attack is more visible, compromising machines and triggering events and alarms in the security operations center. Until now, there has been very little information available on the less visible act of data exfiltration: how attackers are removing data. Whether you see it or not, data exfiltration is a real risk for most organizations.”

Consistent with previous studies, privacy and confidentiality of customer and employee data were the biggest concern, and poor security practices the biggest challenge in the face of increasingly sophisticated attacks. In practice—no surprise here—personal information from customers and employees is the No. 1 target (62%), as the value of private personal data surpasses even that of credit cards.

One quarter (25%) of data exfiltrations used file transfer or tunneling protocols, such as FTP or SCP, and 32% of data exfiltrations were encrypted. Microsoft Office documents were the most common format of stolen data (25%).
About 64% of security professionals felt data loss prevention (DLP) technology could have prevented their data exfiltration events; respondents using DLP had a strong correlation with internal teams detecting and preventing data theft.
Interestingly, the theft of physical media is still quite common, implicated in 40% of exfiltrations.

Info-Security

« Xi Jinping At Seattle Tech Summit
Cyber Peace? The U.S and China Reach an ‘Understanding’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jscrambler

Jscrambler

Jscrambler addresses all your JavaScript and Web application protection needs.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

ByteSnipers

ByteSnipers

ByteSnipers specialize in penetration testings and secure development services. Our focus is on your security.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

NetGain Technologies

NetGain Technologies

NetGain Technologies helps small to medium-sized businesses gain access to expert IT talent. We provide strategies that use technology as a driving force behind business growth.

GuardYoo

GuardYoo

GuardYoo's SaaS platform allows cybersecurity professionals to perform Compromise Assessment remotely from anywhere in the world.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.

Superna

Superna

Superna is the global leader in data security and cyberstorage solutions for unstructured data, both on-prem and in the hybrid multi-cloud.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.