Poor data hygiene a leading cause of insider data breaches

Register now

Although insider threats have been a concern in cybersecurity for years, relatively little has been done to address the leading cause—poor data hygiene, says Larry Ponemon, chairman and founder of the Ponemon Institute.

Insider threats occur when employees intentionally or unintentionally misuse access to confidential information that compromises the safety of an organization’s information systems.

The total average cost among 3,269 insider threats over the past year was $8.76 million, according to a new report for which the Ponemon Institute interviewed 717 IT and IT security practitioners in 159 organizations in North America, Europe, the Middle East, Africa and Asia-Pacific. The firm completed the interviews in January.

“Employees are not doing some basic things to create a more secure environment, and it puts a real cost on the organizations they serve,” Ponemon explains. “And it's not maliciously deliberate; it's because of poor hygiene that translates into very large costs.”

Large organizations paid a steeper price for the insider threats because of the complexity of their organizations, compared with smaller companies. Resolving insider-related incidents cost large organizations an average of $20 million over the last year, compared with an average of $1.8 million for smaller companies, according to the report.

“The larger the organization, the more complexity, and when you have complexity, bad guys see more opportunities to take advantage of the organization,” Ponemon says.

The report cited credential risk as the costliest type of insider incident, with an average of $648,846 per event, compared with $607,745 for criminal and malicious insider risk and $283,281 per incident for employee or contractor negligence.

Credentialed insider threats are particularly difficult to detect, Ponemon notes.

“When someone steals valid credentials, if you don't have the right security tools, you're basically not going to know whether that's authentic or whether it's a bad guy that just has honest, legitimate credentials,” Ponemon says.

In the report, 64 percent of the insider threats were a result of negligent insiders, compared with 23 percent of incidents caused by criminal and malicious insiders and 13 percent of attacks related to credentialed insiders.

Causes of negligence among insiders include employees being sloppy about changing passwords or inadvertently exposing data on their computer while leaving their screen exposed when they walk around the office. Keeping generic passwords also leaves companies vulnerable to data theft. And when in a coffee shop, employees need to take steps to use a secure VPN or a mobile hotspot device rather than public Wi-Fi, Ponemon says.

“Normally, it starts with a careless employee who is not actually taking the right steps to create a more secure environment,” Ponemon says. “It’s not malicious or deliberate. They basically find things that they prefer for efficiency, convenience, or they're really under pressure and they can't stop and take that extra 15 minutes a day to make sure that they’re following the requirements for security and privacy. That's the profile of the negligent insider.”

Organizations need to keep their insider threat strategies transparent, according to Christy Wyatt, CEO of Dtex Systems, which offers an intelligence platform to combat insider threats. “There needs to be assurances that internal leadership won’t use collected data to abuse power,” she says.

Meanwhile, Mike McKee, CEO of ObserveIT, the insider threat management software company that sponsored the report, recommends a “holistic” approach to fighting insider threats.

“Understanding the growing costs and time associated with preventing and managing insider threats, organizations need to invest in a holistic cybersecurity solution to assist with real-time detection, deterrence, education and prevention,” he says.

Another strategy is to develop an insider threat playbook, according to McKee. “This playbook should include people representing a cross-section of the organization: IT ops, IT security, legal, HR, risk/compliance and executive representation, as well as strong supporting technologies,” McKee says.

Going forward, intelligence technology such as automation, artificial intelligence and machine learning can play a part in combating insider threats, according to Ponemon.

For reprint and licensing requests for this article, click here.