March news roundup: Insider threats on the rise
One thing we know for sure: threats to your company’s data are a moving target. Ransomware is evolving to become more sophisticated and hackers are finding new vulnerability points every day. While you’re strengthening your perimeter against outside attacks, you can’t neglect what’s happening within your organization. It’s vital to know who has access to what data. Below are some of this month’s top security news stories on the importance of being data-aware.
Insider threat fear greater than ever, survey shows (by Jai Vijayan, Dark Reading)
Despite continued spending on security measures when it comes to sensitive data, more organizations than ever feel vulnerable to breaches caused by insiders with legitimate access to enterprise systems. According to a survey of 508 security professionals, 74 percent of respondents say their organizations are vulnerable to insider threats. The survey, conducted for Haystax Technology by LinkedIn’s Information Security Community and Crowd Research Partners, also found that the biggest insider-threat fear (70 percent) was focused on “accidental data breaches resulting from careless data handling by insiders” and close to the same percentage of responders cited breaches caused by insider negligence, such as ignoring corporate policies.
Employees willing to leak and sell corporate access (by Dan Raywood, Infosecurity Magazine)
A study of 4,000 people in Europe found that 15 percent of respondents have taken business-critical information with them from one job to another and more than half (59 percent) planned to use it in their next job. The research found that the choice to steal information is about training a culture of accountability from the top down and that it’s all about loyalty. Once an employee leaves, data leakage and storing becomes an issue.
Data breaches continue to rise in the connected age (by Nick Ismail, Information Age)
Of the almost 1.4 billion records compromised, lost, or stolen in 2016, only six percent were encrypted (compared to two percent in 2015). This underscores the importance of being data-aware. Especially when it comes to government regulations, authentication and encryption aren’t enough. Knowing who has access to what data, where it lives, and when it was last accessed is vital to protecting your business and reputation.
Insider threat health data breaches doubled in February, Protenus says (by Jessica Davis, Healthcare IT News)
Last month, we saw a trend of healthcare ITs facing security risks and it doesn’t look like it’s going away any time soon. A recent study found that it took two organizations more than five years to discover that a breach had occurred. Even more, it took an average of 478 days from the time of breach to notify the Department of Health and Human Services. In addition, the worst single breach involved 100,000 patient records, which originated from an insider-error.
Subscribe to the DataGravity newsletter for more tips, tricks and news about data security.Like This