Data theft rising sharply and insider threats are a leading cause, says Ponemon study

Three out of every four organisations have been hit by the loss or theft of important data over the past two years, a sharp increase since 2014. So says a new survey of more than 3,000 employees and IT practitioners across the U.S. and Europe.

The report, released today, was conducted by the Ponemon Institute and sponsored by Varonis Systems, Inc. a provider of software solutions that protect data from insider threats and cyberattacks.

The rise in data loss and theft, according to the survey, is due in large part to compromises in insider accounts that are exacerbated by far wider employee and third-party access to sensitive information than is necessary, and by the continued failure to monitor access and activity around email and file systems – where most confidential and sensitive data moves and lives.

The survey report, “Closing Security Gaps to Protect Corporate Data: A Study of U.S. and European Organisations,” resulted from interviews conducted in April and May, 2016, with 3,027 employees in the United States, United Kingdom, France, and Germany.

Respondents included 1,371 end users and 1,656 IT and IT security professionals, in organisations ranging in size from dozens to tens of thousands of employees from a variety of industries including financial services, public sector, health care and life sciences, retail, industrial, and technology and software.

Among the key findings:

  • 76% of IT practitioners say their organisation experienced the loss or theft of company data over the past two years. This is a significant increase from 67% of IT respondents who gave the same response in the 2014 study conducted by Ponemon for Varonis.
  • IT respondents say insider negligence is more than twice as likely to cause the compromise of insider accounts as any other culprits, including external attackers, malicious employees or contractors.
  • 78% of IT people are very concerned about ransomware, a type of malicious software that that blocks access to files until a sum of money is paid. In all, 15% of organisations have experienced ransomware and barely half of those detected the attack in the first 24 hours.untitled
  • Almost 9 out of 10 (88%) of end users say their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, or other sensitive information assets. This is sharply higher than the 76% recorded in the 2014 study.
  • 62% of end users say they have access to company data they probably shouldn’t see.
  • Only 29% of IT respondents report that their organisations enforce a strict least-privilege model to ensure insiders have access to company data on a need-to-know basis.
  • Only 25% of organisations monitor all employee and third-party email and file activity, while 38% do not monitor any file and email activity.
  • 35% of organisations have no searchable records of file system activity, leaving them unable to determine, among other things, which files have been encrypted by ransomware.

    1b0dd44
    Larry Ponemon, chairman and founder of Ponemon Institute

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, a leading research center dedicated to privacy, data protection and information security policy, observes, “Despite all the technology available and the spike in highly publicised attacks, data breaches continue to rise. The most valuable data featured in most breaches is unstructured data such as emails and documents.

When emails and files are surfaced, they tend to cause scandal, forcing the breach to have a lasting effect on the company’s reputation. This survey raises key points as to why hackers are able to maximise impact – too many employees have too much access, beyond what they need to do their jobs.

On top of this, when employees access valuable data and their activity is not tracked or audited, it becomes far too easy for an external hacker or a rogue insider to get away unnoticed.”

Yaki Faitelson, CEO Varonis
Yaki Faitelson, co-founder and CEO, Varonis

Yaki Faitelson, co-founder and CEO of Varonis, said, “Right now we’re in a technology arms race with hackers and insider threats. Unnecessarily excessive internal access combined with a lack of monitoring and auditing sets organisations up for disaster.

Sony Pictures, the Panama Papers and the recent Democratic National Committee intrusions all concerned the theft of files and emails that were not protected well enough from insider threats or outside attackers that compromised insider credentials, causing major damage to those organisations and their reputations.

“These new findings, alongside the fallout from those breaches, should keep executives awake at night. What will be the straw that makes businesses focus their efforts on protecting their precious information assets? Varonis is helping thousands of organisations around the world address these challenges, prepare for and stop ransomware and other malicious threats that get inside and impersonate insiders,” Faitelson concluded.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Axiomtek launches compact DIN-rail IIOT gateway for data driven energy

Posted on: November 30, 2022

Axiomtek, a world-renowned specialist relentlessly devoted in the research, development, and manufacture of series of innovative and reliable industrial computer products of high efficiency is pleased to announce the ICO120-E3350, an extremely compact industrial IoT gateway powered by the Intel Celeron processor N3350 (codename: Apollo Lake-M). The ruggedised designs feature fanless operation, -40°C to 70°C

Read more

Semtech, AWS to create low-power IoT track and trace services with LoRa cloud geolocation

Posted on: November 30, 2022

Please replace the release with the following corrected version due to multiple revisions to the Forward-Looking and Cautionary Statements.

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more