A report recently published by the Ponemon Institute found that three out of four organizations have been hit by data loss or theft over the past two years.
The report indicates that the increase in data loss and theft is due in part largely to compromises of insider accounts worsened by far wider employee and third-party access to sensitive information than is necessary and by the constant failure to monitor access and activity around email and file systems.
Ponemon surveyed 1,371 end users and 1,656 IT and IT Security professionals from the UK, US, France, and Germany all from various industries.
The survey found among IT Professionals:
- 76% of respondents experienced the loss or theft of company data over the last two years
- Insider Negligence is more than twice more likely to cause the compromise of insider accounts than any other culprits such as external attackers and malicious employees
- 78% of respondents are extremely concerned with the ransomware threat, with 15% of organizations having already experienced ransomware and only half of those detected the attack on the first day
- 29% of respondents claim their organization enforces a strict-least privilege model
- 25% of respondents claim their organization monitors all employee and third party email and file activity
- 38% of respondents claim their organization does not monitor any activity
The survey found among End Users:
- 88% of end users claim their job requires them to access and use proprietary information like customer data, contact lists, employee records, financial reports, confidential business documents, and other sensitive assets
- 62% of end users say they have access to company data that they probably should not see
Despite years of high-profile breaches, significant financial losses, and serious reputational damage, data breaches continue to rise each year. Even with the technology we have available today it’s rather evident that organizations are not taking the threat of major disruption of business and reputation seriously enough.
The most valuable data found in breaches is unstructured data like emails and documents, and also just so happens to be the data that organizations have the most of, and know the least about.