Insiders Responsible for 43% of Data Breaches

Among companies experiencing data breaches (and that is to say, a majority), internal actors were responsible for 43% of data loss, half of which was intentional, and half accidental.

That’s a staggering amount of risk lingering inside organizations, especially when one considers that the report, from Intel, also revealed that security professionals have experienced an average of six significant security breaches each.

Interestingly, insider threats aren’t recognized as the gaping issue that they are. Breaches perpetrated by disgruntled employees and other forms of inside jobs rank sixth among security concerns for most of the world, except in Asia-Pacific, where they rank No. 2. Cloud deployments, in contrast, brought with them increased anxiety about further security breaches, although there was no indication of increased risk with cloud applications.

Intel also found that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises.

The average number of breaches was highest in Asia-Pacific organizations, and lowest in UK and US enterprises. More than 10% of Asia-Pacific companies reported over 20 breaches, compared to just above 1% of North American and 4% of UK enterprises reporting more than 20 breaches.

“Most security studies and statistics focus on infiltration: how attackers are getting past security defenses and into the network,” explained Intel, in the report. “That part of the attack is more visible, compromising machines and triggering events and alarms in the security operations center. Until now, there has been very little information available on the less visible act of data exfiltration: how attackers are removing data. Whether you see it or not, data exfiltration is a real risk for most organizations.”

Consistent with previous studies, privacy and confidentiality of customer and employee data were the biggest concern, and poor security practices the biggest challenge in the face of increasingly sophisticated attacks. In practice—no surprise here—personal information from customers and employees is the No. 1 target (62%), as the value of private personal data surpasses even that of credit cards.

One quarter (25%) of data exfiltrations used file transfer or tunneling protocols, such as FTP or SCP, and 32% of data exfiltrations were encrypted. Microsoft Office documents were the most common format of stolen data (25%).

About 64% of security professionals felt data loss prevention (DLP) technology could have prevented their data exfiltration events; use of DLP correlated strongly with internal teams detecting and preventing data theft.

Interestingly, the theft of physical media is still quite common, implicated in 40% of exfiltrations.

Info-Security
