The insider threat is alive, thriving and often responsible for major data breaches that expose everything from consumer credit-card information to valuable intellectual property (IP), and the findings of our most recent survey support this assertion.
- The results from a pool of 419 enterprise-security respondents revealed that 23 percent of enterprises have experienced insider-driven data breaches.
- 47% of enterprise respondents reported that former employees took information with them before they left the company
- 53% of enterprise respondents have discovered that employees use company-issued devices to send company information to personal email and cloud-based file-sharing accounts such as Yahoo! or Gmail and cloud-based file sharing accounts such as Box, DropBox or Hightail
- 49% of enterprise respondents have discovered that employees are copying corporate data to USB flash storage devices
- 33% of end-user employee respondents reported that they transfer corporate information via personal Yahoo! and Gmail accounts (200 respondents)
- 23% of end-user employee respondents reported that they transfer corporate information using Box, Dropbox or Hightail (200 respondents)
- 44% of insider-driven breaches include intellectual property, business plans, technology designs, M&A information and information that corporate policy says should not be sent outside of the organization (93 enterprise respondents).
- 98% of enterprise respondents have discovered employees visiting non-work-related websites with company computers (419 respondents).
- 77% of enterprise respondents reported that their organizations have policies against employees using corporate-issued computers to conduct personal activities (419 respondents).
Unfortunately, the majority of traditional IT security solutions are not designed to defend against insider threats. These solutions are therefore not capable of signaling security and risk teams when someone with authorized access to their organization’s most sensitive and valuable information is using it to commit a crime or is in violation of corporate or regulatory policy. Source: SpectorSoft Corporation