Vast majority of information compromises come from firms’ employees

New research by Forrester has suggested that only 25% of data breach cases come from external sources, i.e. hackers, and just 12% were the result of ill intent. A staggering 63% of cases were caused by employees doing things such as losing laptops and inadvertently misusing equipment and privileges.

“It’s not simply just a matter of having the appropriate tools and controls in place. It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organization’s current security policies,” said researcher Heidi Shey in the report.

As for the data affected by the breaches, employee and customer personal data accounted for 22% of cases reported, while intellectual property accounted for 19%. Sensitive identity management credentials like user names and passwords came in at 11%.

An interesting observation made as a result of the research was that “most organizations seem to have policies when it comes to mobile security, but most of them don’t have adequate protections in place because they lack the tools required to enforce those policies… While most mobile devices have native capabilities as measures against breaches – such as passcodes or passwords, and remote lock and wipe – almost 25% of those surveyed said they don’t have any form of data protection implemented on their devices”.

All in all, it seems that employee training for security awareness is in order. “Whether their actions are intentional or unintentional, insiders cause their fair share of breaches,” wrote Shey.
