What do the Mercedes-Benz C Class, teeth whitening strips, the Apple iPhone and personally identifiable information have in common? Each is the item most commonly stolen from its respective category: luxury cars, personal care items, smartphones and corporate data. In the 2015 study entitled Grand Theft Data – Data exfiltration study: Actors, tactics, and detection, Intel Security reports:
- Internal actors were responsible for 43% of data loss, half of which is intentional, half accidental.
- Microsoft Office documents were the most common format of stolen data (25%).
- Personal information from customers and employees was the number one target (65%).
- Internal actors were responsible for 40% of the serious data breaches experienced by respondents and external for 57% of data breaches.
The report describes internal actors as employees, contractors and third-party suppliers, with a 60/40 split between employees and contractors/suppliers. Office documents were the most common format of data stolen by internal actors—probably because these documents are stored on employee devices—which many organizations do not manage.
In a 2013 report by LogRhythm, a cyber threat defense firm, a survey of 2000 employees found that 23 percent admitted to having looked at or taken confidential data from their workplace, with one in ten saying they do it regularly. In this study, two thirds of respondents said their employer had no enforceable systems in place to prevent access to data such as colleague salaries and bonus schemes.
Employees that move intellectual property outside the company believe it is acceptable to transfer work documents to personal computers, tablets, smart phones and file sharing applications and most do not delete the data because they see no harm in keeping it. As reported in the Employee Churn white paper, many employees attribute ownership of IP to the person who created it.
Four quick fixes to curb insider threat
As the rate of insider theft approaches the rate of successful hacks, organizations can start with four common sense principles to shore up security immediately:
- Trust but verify: Understand that the risk of data loss from trusted employees and partners is real and present. Watch for data movement anomalies in your endpoint backup data repositories and act upon them.
- Log, monitor and audit employee online actions and investigate suspicious insider behaviors.
- Disable employee credentials immediately when employees leave and implement strict password and account management policies and passwords. Astonishingly, six in ten firms surveyed do not regularly change passwords to stop ex-employees from gaining access to sites and documents.
- Implement secure backup and recovery processes to prepare for the possibility of an attack or disruption and test the processes periodically.
Download the executive brief, Protecting Data in the Age of Employee Churn, to learn more about how endpoint backup can mitigate the risks associated with insider threat.