This blog post was written by Rick Simon.
Data is leaking out of your organization: accidentally or intentionally, by internals or externals, physically or electronically. During the past year, we have performed extensive research to identify what data is being targeted, who is taking it, how they are getting it out, and the best practices to reduce your exposure to data loss.
We found that most organizations do not realize that they are leaking data. Between 50% and 80% of data breaches are discovered by outside entities, typically when the data is used or sold. According to the 2016 Verizon Data Breach Investigation Report, internal discovery of breaches has been on a downward trend for 10 years.
It should be no surprise that data thefts are usually about the money or that between 60% and 80% of them are conducted by external agents. However, that still means that 20% to 40% of data loss is the result of intentional or accidental actions by people on the inside. Physical media, such as USB keys and laptops, are the most common method of data loss from internals, but fewer than 40% of organizations surveyed are watching these devices closely enough to catch them.
Organizations with data loss prevention (DLP) systems should be well positioned to block data leakage, but many do not appear to be using the tools to their best advantage. Data loss is increasingly happening with unstructured data, such as office documents, yet many organizations do not monitor unstructured data. Relying solely on regular expressions, which is a common method to find things such as credit card or social security numbers, leaves too much valuable information unmonitored.
On average, the IT professionals we surveyed reported dealing with about 20 incidents per day, but there was a tremendous range. Small companies and those in the Asia-Pacific region tend to run below average, while large companies, especially those in financial services and retail, tend to run higher than average. Because false negatives, or data loss that does not trigger an incident alert, are one of the challenges with DLP systems, we found that configuring systems to watch more actions is an important part of reducing the likelihood of data loss.
On the positive side, we found that 85% of all organizations surveyed delivered regular security awareness training to keep the importance of data protection fresh in people’s minds. Teaching employees how to recognize the value of the data they are processing makes the issue real for their particular jobs. Automatic pop-ups that notify them when they are doing something potentially risky are a great reminder, and do not consume a lot of resources.
For more information on this research, download the McAfee Labs Threats Report: September 2016.