There is always talk of zero-day exploits and open security gaps when it comes to data loss, but the biggest gateway is people. This emerges from a report by the cybersecurity company Proofpoint, which is intended to reflect the current status of data loss prevention (DLP). To this end, 600 security experts worldwide were surveyed and data from Proofpoint's protection platforms were evaluated.
Accordingly, 85 percent of companies reported at least one incident in which data was lost. On average, there was one incident per month. For half of those surveyed, business processes had to be interrupted, which also led to loss of sales. Other consequences include, for example, fines and damage to reputation.
Fewer than half of companies cited compromised systems (48 percent) as the reason for data loss, while misconfigured systems were cited in 45 percent of cases, with a lack of time and resources also exacerbating the problems. According to the survey, 70 percent of the increasing number of incidents are due to “negligent users”, such as employees, IT employees, contractors and providers. The problem is exacerbated by increased home working, as sensitive information is shared more frequently in different (cloud) environments. For example, emails were misdirected, phishing websites were accessed, unauthorized software was installed, confidential information was shared and published, or personal data was sent to private email accounts.
High employee turnover as a danger
57 percent of German respondents see “privileged users” with access to sensitive data, such as human resources and finance managers, as the greatest risk. According to the report, one percent of users are responsible for 88 percent of all data loss warnings. This doesn't seem dramatic at first, but according to Proofpoint it is: “Given this dynamic, there is a lot to be said for the identity of this one percent of users changing every month.”
The remaining 12 percent of warnings also pose significant risks, “since insiders in particular like to take data theft slowly and only occasionally exfiltrate important documents in order to avoid detection.” Accordingly, “retiring employees” are the riskiest user group at 32 percent. They are not always aware that they are acting maliciously; some feel entitled to take the data they have created with them.
87 percent of “anomalous file exfiltrations” on cloud accounts within nine months were due to employees leaving the company. Ten percent of survey participants reported more than 30 incidents per year in which “insiders” led to data loss. Another reason for data breaches is that around 30 percent of users send two emails to the wrong recipient every year.
Concern about AI as a reason for possible data loss
According to the report, only 38 percent of companies have a DLP program to protect against data loss. At least in Proofpoint's DLP software, the rules implemented most often are ones that warn when generative AI is used. Generative AI is taking on more and more routine tasks and processing confidential data.
According to the survey, half of companies in Germany use DLP programs to protect the privacy of employees and customers, followed by minimizing data loss (44 percent). A third of companies want to meet legal requirements with such programs. However, these figures should be viewed with caution, as only a fraction of the survey participants come from Germany and the partial results are not representative.
(mack)