While much attention is paid to cyber attacks, the root of many data breaches is actually internal. Bloomberg Law just released a survey identifying vendors and insiders as the biggest risks to corporate data security. The survey revealed that vendors and insiders are rated the most poorly among employer performance, showing that corporations are failing to manage the risks of vendors and insiders.
In Assessing and Mitigating Privacy Risk Starts at the Top, Bloomberg Law and the International Association of Privacy Professionals (IAPP) survey, of 347 corporate privacy professionals, looked at common causes of data breaches as well as the factors considered most important in mitigating data breach risk. The survey revealed that only 35% of respondents believe employers perform well in employee monitoring, and 30% believe employers perform well in vendor management. The survey suggests that privacy professionals struggle with accurate perception and evaluation of risk.
These findings support recent studies we've discussed also tying security incidents to inadvertent human error, or collective issues related to “people.” Earlier this year, the Verizon DBIR tied 90% of all security incidents back to “people,” whether mistakes, phishing, bad behaviour, or lost stuff. Whether these incidents happen internally or through vendor relationships, it’s clear that we need to rethink the priorities of data protection.
The Bloomberg Law study attempts to dig deeper into the understanding of privacy issues and suggests that leadership buy-in is the most important factor mitigating the risk of data breaches. We’ve talked about the importance of this top-down approach to data security, and how board-level, C-level and data protection officer roles can have a positive change how an organization approaches data security. Bloomberg Law has developed resources to help counsel and leadership remain informed on data security legislation and tools; information is key to leadership buy-in, which will drive effective change to corporate culture on protecting data.
A corporate culture that prioritizes data security will include ongoing Education, regularly updated and well-communicated Policies and Layered Technology solutions to secure data and the devices that contain this data. In our own whitepaper, The Enemy Within - Insiders are still the weakest link in your data security chain. we talk about the challenges that “people” pose to data security and how Absolute DDS can help your organization plug the security holes created by mobility and human error. Our unique Persistence technology offers an important layer to any data security strategy and helps mitigate the risk of human error, rogue employees, and cybercrime. Learn more at Absolute.com