Half of data breaches are the fault of insiders, not hackers, research finds

Panel urges companies to avoid euphemisms and acknowledge when they've been breached - or risk being fined

An increasing number of security breaches are the result of the actions taken by an employee or third party. This can be down to purposeful data leakage - a malicious insider - but is more commonly accidental.

New Computing research, presented in our recent websem 'Proactive protection: The human element of cyber security' - now available on-demand - found that almost half of data breaches were the accidental fault of an employee, perhaps through clicking on a phishing email.

Respondents indicated that only 24 per cent of incidents were down to an external attacker.

Carl Leonard, principal security analyst at Forcepoint, said that many accidental data breaches may be due to users following best practice, but lacking the tools to see what data should remain confidential: "It's a risk that many businesses haven't understood and haven't got the tools to handle yet."

Regardless of how data leaves the network, new regulations like the GDPR put the focus squarely on the fact that data has been leaked. The panel - which also included Jeremy Wittkop, CTO of InteliSecure, and Martin Sugden, CEO of Boldon James - agreed that companies are misunderstanding the term 'data breach'.

"When people are sending data to the wrong place they're not calling that a breach, they're calling it a mistake - but under the GDPR, that can cost you," said Sugden. "Reputation management is taking over from data management… Staff aren't being kept aware of the issues that are happening and so don't know that they could be causing them."

Wittkop concurred: "People are getting clever with how they define what a breach is… It's a very inflammatory term now. They say 'small data leakage' or 'accidental exposure', but these are all types of breach."

User monitoring and training are the best ways to deal with the threat of accidental data leaks by an insider, the panel said. The general market is "quite fearful" of monitoring, though, "because they don't understand it," said Wittkop.

"We're not standing over people's shoulders and watching screen replays, it's about monitoring what is normal."

"User behaviour should be part of the security profile and programme, simply because there's no time to respond to everything," Wittkop said at the end of the session. "We need to prioritise threats on abnormalities."