A new study by the British research organisation Opinion Matters, sponsored by Egress, reveals the up-to-date trends and causes of accidental data breaches in the USA. One of the main findings is that 83% of security professionals believe that employees have accidentally exposed customer or business-sensitive data at their organisation. According to the research, companies’ failure to encrypt data prior to sharing it (internally and externally) is behind these staggering results. As a result, organisations are put at risk of non-compliance with the GDPR and other regulations.
The survey included 1,006 US-based security professionals at organizations of 500 people or more, with the aim of determining the frequency and causes of accidental data breaches. The broader cybersecurity trends and organisational responses to accidental data exposure were also examined.
The 5 most common technologies that have led to accidental data breaches by employees were identified. These are:
- 51% - external email services (Gmail, Yahoo!, etc.)
- 46% - corporate email
- 40% - file sharing services (FTP sites, etc.)
- 38% - collaboration tools (Slack, Dropbox, etc.)
- 35% - SMS / messaging apps (G-Chat, WhatsApp, etc.)
Sending emails that contain sensitive, unencrypted data is apparently the most common way for employees to expose it. Opinion Matters’ report also analyses the types of action that can compromise data via email:
- Accidental sharing / wrong email address (The Outlook Auto-Insert problem)
- Email forwarding of sensitive data
- Sharing attachments with hidden content
- Forwarding data to personal email accounts
The report also describes the changes that the GDPR brought. It shows that 59% of respondents have implemented new security policies, 54% invested in new security technologies and 52% invested in regular employee training.
Mark Bower, Egress Chief Revenue Officer and NA General Manager, commented on the survey results in a press release:
“The explosive growth of unstructured data in email, messaging apps and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections. Combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach. What really stands out in the survey, though, is that despite onerous regulations being enacted, companies are still failing to encrypt data before enabling employees to share it. Encryption is a well-known best practice that can prevent accidents from leading to a major incident resulting in hefty compliance penalties.”
Lyubomir Tulev, Chief Cyber Security Operations Lead at AMATAS, also reflected on the research findings:
“According to my experience, corporate emails are even more common in exposing sensitive data by employees. That’s because there are many tools that automate the search and discovery of corporate emails, and make it easier for a hacker to obtain corporate information than information from social media, for example.”
Tulev and other security experts at AMATAS also claim that it is common practice for the majority of employees in different companies to have access to their personal social media profiles, such as Facebook, within their work environment. What is worse, many of them use the same password for their Facebook account as for their corporate email account. Thus, a hacker who has managed to access their Facebook profile can easily get hold of corporate information as well.