Study: Internal employees account for 43 percent of data loss

Intel Security studied internal and external data breaches and what data is compromised in each set of incidents.
Intel Security studied internal and external data breaches and what data is compromised in each set of incidents.

Although a majority of data compromises come from external actors, including nation-state groups and cybercrime gangs, internal employees account for 43 percent of data loss, half of the time these leaks are accidental, a new study from Intel Security indicates.

Whether the threat comes from inside or outside a company can affect what data is at-risk, researchers found. Customer information, for example, is likely to be taken 34 percent of the time when outside actors break into databases. Comparatively, customer information is only affected 25 percent of the time when internal people are involved. Most of the time, insiders compromise employee information.

Rees Johnson, SVP and GM of the Content Security Business Unit at Intel Security, told SCMagazine.com the differences in data likely has to do with the fact that employees often accidentally compromise data, whereas outside threat actors likely go for customer data because it's the most lucrative on underground digital marketplaces.

“It's fascinating to see a pivot into what's being targeted, and our information about who we are is now the number one target,” he said. “[Insider actors] do seem to care more about employee information; it's possible it's for recruiting.”

Usually, he said, employees target intellectual property if they're taking information purposely. That being said, this type of information is only affected about 15 percent of the time in both internal and external cases.

The study also demonstrated that as security team employees gain experience in a company, they're more likely to be familiar with best practices. While that does seem like good news, it stresses the importance of employee retention in a competitive marketplace, Johnson said.

He recommended CEOs or higher level security team employees monitor employees to ensure they're learning as they go, and if an incident or data breach does occur, to make sure they understand what went wrong.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS