Fasoo just released the results of the security industry’s first look at how confident organizations are about protecting intellectual property and other high value information. In the latest Ponemon Institute survey titled, “Risky Business: How Company Insiders Put High Value Information at Risk”, 72 percent of organizations are not confident they can manage and control employee access to confidential documents and files. This study reveals that insiders are the highest security risk to an organization.
The Ponemon Institute surveyed 637 U.S. IT security practitioners familiar with their organization’s approach to protecting data, documents and files against cyberattacks. For the purpose of this research, high value information includes trade secrets, new product designs, merger and acquisition activity, intellectual property, financial data, and confidential business information.
Based on the findings of the research, employees and other insiders often lack the information, conscientiousness and guidance needed to make intelligent decisions about the information they access and share. Companies are more confident they can stop external attackers from accessing confidential information than their own employees and contractors. This study should make executives and security professionals think about how they control internal access to sensitive information.
Some of the key findings from the study include:
- 56 percent of companies believe the primary cause of data breaches are careless employees
- 70 percent can’t locate confidential information
- 60 percent don’t have visibility into what confidential documents and files employees are sharing
- 73 percent say their organization lost confidential information in the last 12 months
- 59 percent are not confident in preventing data leakage by careless employees
Safeguarding high value information is a two-way street. Employees need to be responsible and follow data protection policies and safeguards. Companies need to have the tools, expertise and governance practices to protect sensitive and confidential information.
An interesting finding in the Ponemon survey is that sales departments, C-level executives, Finance and Human Resources pose the greatest risk to information assets. This points to a greater risk of insider threats compromising sensitive data than external hackers and cyber criminals.
“There is a belief that data breaches are the work of malicious actors, internal and external, but it is more often the result of careless behavior by employees who don’t understand the impact of sharing files. The findings in this study should serve as a wake-up call for all organizations determined to protect high value information,” said Larry Ponemon, President, Ponemon Institute. “Better security hygiene, including education and consequences for risky behavior, should include every employee with access to information in addition to the organization locking down proprietary data, intellectual property and confidential information that shouldn’t be accessed by everyone.”
Click here to access the full report.