10 leading causes of IT security gaps

Organizations are failing at security, as data loss is increasingly common

According to a new Ponemon Institute study, “Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations,” 76 percent of organizations experienced a loss or theft of data last year. The study looks into the factors behind those incidents and lessons that can be learned from them.

Some 76 percent of IT practitioners say their organizations experienced the loss or theft of data over the past two years. That’s up significantly from 67 percent of respondents who participated in the 2014 study. Here are the top 10 reasons for security issues, as uncovered by Ponemon.

1. Insider negligence is the top internal threat

When a data breach occurs, negligent insiders are most likely to blame, say 50 percent of IT respondents. In fact, insider negligence is more than twice as likely to be the cause of a breach as any other reason, including external hackers, malicious employees or contractors.

2. Ransomware is a growing nightmare for companies

While hackers generally want to fly under the radar as they’re stealing or gaining access to valuable data, ransomware attacks are different—attackers covet publicity to put pressure on organizations that have been hacked. Organizations still feel vulnerable to these attacks—78 percent of respondents to the Ponemon survey are extremely or very concerned about ransomware.

3. Employees need access to more proprietary data

End users report a sharp increase since 2014 in their access to sensitive and confidential information. In this year’s study, 88 percent of respondents say their jobs require them to access and use proprietary information, such as customer data, contact lists, employee records, financial reports, confidential business documents, software tools or other information assets. That’s up from 76 percent of respondents in 2014.

4. Companies lack the ability to track employees’ access to confidential data

Employees have more opportunities to deal with sensitive data, such as confidential information in email and attachments with sensitive information, non-financial business information and customer information, including contact lists. Some 62 percent of end users say they have too much access to confidential corporate data. That’s down slightly from 2014, when 71 percent of respondents said end users had too much access. In addition, 47 percent say such access happens very frequently or frequently.

5. Progress in combating these threats is not encouraging

Only 29 percent of IT respondents say their companies fully enforce a strict “least privilege” model to ensure only appropriate insiders have access to organizational data on a need-to-know basis. The list of individuals who have access to file shares and other collaborative data stores is rarely reviewed. Some 24 percent of IT respondents say they never review the list. However, 16 percent say they review the lists twice a year, and another 38 percent review it once a year.

6. Many organizations have no searchable records of file system activity

Some 35 percent of respondents say their companies do not maintain a searchable record of the file system activity. Failure to audit file system activity is a significant vulnerability, especially in trying to prevent ransomware attacks.

Without an audit trail, there is no way to determine which files have been encrypted by ransomware. Of organizations that monitor file system activity, records of activity are preserved for more than a year by 28 percent of respondents; more than a week by 21 percent; and more than a month by 16 percent of respondents.

7. Companies are slow to detect unauthorized file access

Only 25 percent of respondents say their organization monitors all employee and third-party file and email activity, and 38 percent say their organization does not monitor file and email activity at all. Only 24 percent of respondents say they are able to determine if employees are accessing information they are not authorized to see.

8. End users are not deleting files, thus exacerbating vulnerability

Some 43 percent of respondents say they “forever” retain and store documents or files they created or worked on. Another 25 percent of respondents say they keep documents or files one year or longer.

9. Moving to the cloud is happening much more slowly than expected

Crown-jewel data continues to be stored on premises, and 86 percent of respondents say their organizations have most of their data stored on premises. In contrast, 13 percent of respondents say most of their information is stored in the cloud.

10. Too many organizations aren’t taking security seriously enough

Every organization relies on—and is entrusted to protect—valuable, confidential and private data. The most valuable data featured in most breaches is unstructured data, such as emails and documents. This is the data that most organizations have the most of, but know the least about.

When emails and files are surfaced publicly, they tend to cause scandal, and as a result, the breach has a lasting effect on the organization’s reputation. Despite the technology available and the continued rise of data loss and theft, it is clear that most organizations are not taking the threat of major disruption in business and reputation seriously enough.

Key finding—2 troubling factors account for most data theft and loss

The inescapable conclusion is that the continuing increase in data loss and theft is largely a result of two troubling factors: Compromises in insider accounts that are exacerbated by far wider employee and third-party access to sensitive information than is necessary; and the continued failure to monitor access and activity around email and file systems, where most confidential and sensitive data moves and lives.