19:00 | 10.12.2020
Code42 Data Exposure Report: COVID-19 Creates Perfect Storm for Insider Risk Growth, Organizations Unprepared to Protect Data
Code42, the insider risk detection and response leader, today released its latest Data Exposure Report on Insider Risk. The study, conducted by Ponemon Institute, found that both business and security leaders are allowing massive Insider Risk problems to fester in the aftermath of the significant shift to remote work in the past year. During that same time, three-quarters (76%) of IT security leaders said that their organizations have experienced one or more data breaches involving the loss of sensitive files and 59% said insider threat will increase in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work. Despite these forces, more than half (54%) still don’t have a plan to respond to Insider Risks.
Additionally, the study found:
In the past year, 76% of IT security leaders say their organization has experienced one or more data breaches involving the loss of sensitive information contained in files.
Of those data breaches, the two most common causes were malicious or criminal insiders and employee carelessness, followed by external attacks and system glitches.
The study also found:
More than three-quarters (80%) of business decision makers believe they are entitled to or should own the work product they create.
Insider risk processes are broken in 70% of organizations where the C-suite and board of directors are briefed on insider threats annually, on an ad-hoc basis, only when they request it or not at all.
40% say they do not regularly – or ever – assess the effectiveness of their technologies in mitigating the insider threat.
66% of IT security leaders believe their budget for Insider Risk is insufficient and 54% of them spend less than 20% of their budgets on Insider Risk.
The study found:
59% of IT security leaders say insider threat will increase or increase significantly in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work.
Employees are being disrupted while trying to do legitimate work. Over half (51%) of IT security leaders receive daily or weekly complaints about mistakenly blocking legitimate employee file activity.
Files moving from endpoint to cloud services and applications, whether employees are on or off the network, are the biggest Insider Risk blindspots for security teams.
More than half (53%) of security teams are blind to users moving files to untrusted domains. And 56% of security teams lack historical context into user behavior. In other words, security teams have no idea when an employee may become an Insider Risk.
Read our book, Inside Jobs: Why Insider Risk is the Biggest Cyber Threat you can’t Ignore.
Visit code42.com to learn more about our award-winning Incydr data risk detection and response solution.
Take a spin through an interactive demo of Incydr in our free sandbox environment.
More than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity and Split Rock Partners. Code42 was recognized by Inc. magazine as one of America’s best workplaces in 2020. For more information, visit code42.com.
