“Careless users” are much more likely to cause incidents of data loss than compromised or misconfigured systems, according to a new report from Proofpoint.
The report is based on third-party survey responses from 600 security professionals at organisations with 1,000 or more employees across 17 industries from 12 countries, including Singapore.
These insights were supplemented with data from Proofpoint’s Information Protection platform and Tessian, which Proofpoint acquired last October, to convey the scale of the data loss and insider threats that organisations face.
Findings show that while organisations are investing in DLP solutions, those investments are often inadequate, with 80% of surveyed organisations in Singapore experiencing data loss in the past year.
Almost all of those affected faced a negative outcome such as business disruption and revenue loss (reported by more than 63% of affected organisations) or reputational damage (30%). Yet, only 1% of users are responsible for 88% of alerts.
Ryan Kalember, chief strategy officer at Proofpoint, said organisations need to rethink their DLP strategies to address the underlying cause of data loss—people’s actions—so they can detect, investigate, and respond to threats across all channels their employees are using including cloud, endpoint, email, and web.
Organisations in Singapore experienced the equivalent of more than one incident per month (a mean of 13 data loss incidents per organisation in the past year), and 68% of respondents said the main cause was careless users.
Proofpoint describes carelessness as including misdirecting emails, visiting phishing sites, installing unauthorised software, and emailing sensitive data to a personal account.
The company said These are all preventable behaviours that could be mitigated with practices such as implementing DLP policy rules for email, web uploads, cloud file synching, and other common data exfiltration methods.
One-third (33%) of Singaporean respondents said malicious insiders such as employees or contractors were behind data loss incidents. Malicious actions and departing employees who seek to harm the organisation can have even greater implications than careless insiders because these individuals are motivated by personal gains.
Also, departing employees do not always think they are acting maliciously—some simply feel entitled to leave with information they have produced.
Proofpoint global data shows that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.
Nearly three-quarters (74%) of respondents in Singapore identified employees with access to sensitive data, such as HR and finance professionals, as representing the greatest risk of data loss.
Additionally, Proofpoint global data shows that 1% of users are responsible for 88% of data loss events. The company said these findings indicate that organisations must prioritise best practices such as using data classification to identify and protect business-critical data and the “crown jewels,” as well as monitoring people with access to sensitive data or admin privileges.
While many programs were initially implemented in response to legal regulations, more than 50% of survey participants in Singapore cited protection of customer and employee privacy as the primary driver, alongside protecting intellectual property (50%).
