7 Security Mindsets to Protect Your Vital Business Assets If you’ve ever wondered just how much damage someone with approved access to your network can do, I’d like to direct your attention to a couple of studies that have recently been released. An Intel Security study on data exfiltration found that insiders are responsible for […]
7 Security Mindsets to Protect Your Vital Business Assets
If you’ve ever wondered just how much damage someone with approved access to your network can do, I’d like to direct your attention to a couple of studies that have recently been released.
An Intel Security study on data exfiltration found that insiders are responsible for 43 percent of all data loss. According to the report, one reason that percentage is so high is because of the ease of access:
When they were involved in data exfiltration, whether it was intentional (just over half) or accidental, internal actors were more likely to use physical media instead of electronic methods, especially USB drives and laptops. Employee information, both identity and health data, was a larger target for internal actors than customer data, perhaps because it is more accessible. Office documents were the most common format of data stolen by internal actors, probably because these documents are stored on employee devices and many organizations place few controls on the data once it is no longer in a database.
What caught my attention in this study wasn’t just the high percentage of insider-caused loss—I’ve come to expect that—but how evenly split the numbers were between accidental losses and intentional breaches. We tend to focus more on the accidental and talk about the need for better security education to avoid those mistakes.
However, this survey showed that more needs to be done to examine the intentional acts. Are they malicious, with intent to bring harm to the company? Are they due to an employee’s curiosity, such as wanting to learn more about another employee? Or maybe they are an intentional accident, like accessing sensitive documents without realizing security protocols were breached? In order to address these insider breaches, we need to have a better understanding about why they are happening in the first place. And yes, it may circle right back to educating employees on security issues.
Another study conducted by Bloomberg Law and International Association of Privacy Professionals, titled “Assessing and Mitigating Privacy Risk Starts at the Top,” warns that employees and third-party vendors are a serious risk to companies, but not enough is being done to manage those insiders in order to prevent data loss. The study found that only 35 percent of companies admit to doing enough to monitor employee behavior when it comes to risk, and that number drops to 30 percent when monitoring vendors.
While the Intel Security study highlights the need for improved education and understanding of what institutes data loss, the Bloomberg Law survey shows that IT and security leaders need to step up their game when it comes to monitoring network behavior to lessen potential insider threats.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
