InfoWatch report, there were 1,395 cases of data leaks in 2014. The report revealed that due to insiders' actions, 350 million personal data records have been compromised, representing about 73% of the leaks. When you further break these figures by guilty persons, 54% were caused by employees, 26% by intruders, and the rest were by contractors, managers, system administrators, former employees, and other unknown entities.
Data leaks happen more frequently than has been thought to occur, and are more damaging than the malicious leaks caused by insiders. Almost 50% of the respondents believed that most data leaks in their enterprise were accidental, and only 44% believed that they were deliberate. 6% were unknown. The data leak forecasts are not very different for 2015 and 2016.
Most data leaks within the enterprise are classified as unintentional data leaks because, in most cases, the individuals are just doing their job and do not understand that they are compromising the data in the process. Employers are hesitant to suspect devious behavior.
Most employers are conscious that their people are their biggest assets and they need to maintain trust with their employees. However, they also recognize that the complexities of the growing enterprise, the complex internal structures with consultants, partners, outsourcers and suppliers interacting pose a number of risks to information lying with in the organization. It is a big security challenge that they need to address and address quickly.
A peculiar unintentional security offense that most organizations commit is the reluctance to delete or indifference to the existence of expired user accounts. Interestingly, statistics reveal that about 50% of user accounts are expired in most organizations. These accounts can become a major source of threat and can have a major impact on the internal data security systems.
The original users of the expired account can validly continue to use the enterprise accounts and use the IT resources for network, email, applications and data. Other insiders can use these accounts for wrongdoing and audits will fail to track the users or pin down the offenders responsible for data leaks.
The solution to the problem lies in having a holistic look at access policy of the organization. A framework for the policies, procedures and best practices need for the enterprise must be defined to effectively address the problem. IT Administrators and users must be trained to understand the implications of their actions and must be made conscious of internal security requirements of the organization.
It is heartening to note that cloud computing is automatically highlighting the importance of data access policies and encouraging subscribers to create, implement and maintain stringent conditions of access for the internal users of their data. Data monitoring and user management are built into the very process of transmitting, storing, accessing or restoring data to and from remote servers in the cloud.
EVS is a globally trusted cloud backup and data storage company based in Memphis, TN, which provides simple, automatic, secure, encrypted, and data backup and storage.