Senior employees ‘more likely’ to commit data breaches

20 Feb 2020

Image: © tippapatt/Stock.adobe.com

A new survey from Egress said that director-level employees are more likely to intentionally leak data from their company.

The vast majority (97pc) of IT leaders said insider data breaches continue to be a major concern, according to new research from software company Egress.

Of the IT leaders surveyed in December 2019, 78pc believed employees had put data at risk accidentally in the past 12 months, and 75pc believed employees had done so intentionally.

In terms of accidental breaches, 41pc of employees who had accidentally leaked information said they had done so because of a phishing email, while 31pc said they caused a data breach by accidentally sending information to the wrong person.

Egress CEO and co-founder Tony Pepper said incidents of people accidentally sharing data with incorrect recipients is not a new phenomenon.

“However, we are in an unprecedented time of technological development, where tools built using contextual machine learning can combat common issues, such as misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly,” he added.

“Organisations need to tune into these advances to truly be able to make email safe.”

Disrespecting data policies

When it comes to intentional breaches, the seniority of employees may be a factor. According to the survey, 78pc of directors have intentionally shared data against company policy in the past year, compared with just 10pc of clerical staff.

Directors were also the most likely to take data with them to a new job, with almost 70pc of those who had intentionally broken the data policy doing so when they changed jobs, compared with the overall average of 46pc.

Additionally, only 8pc of director-level employees believe that everyone has equal responsibility for securing data. The survey also said employees had misconceptions about data ownership, with 41pc of employees saying they don’t believe that data belongs exclusively to the organisation and only 37pc recognising that everyone has responsibility for keeping data safe.

Pepper said employees want to own the data they create and work on without the responsibility of keeping it safe.

“This is a toxic combination for data protection efforts. When you add their propensity to take data with them when they change jobs and willingness to take risks when sharing information, the scale of the challenge faced by security professionals is alarming,” he said.

Jenny Darmody is the editor of Silicon Republic

editorial@siliconrepublic.com