The upward trend of data breaches continues to threaten small, medium, and large businesses. As data breaches become more widespread, companies need to ramp up their security measures to prevent and respond to attacks. This may mean adding a dedicated Incident Response Team, implementing new technology, and training employees to not only be aware of how their actions contribute to creating breaches, but also to preemptively identify threats and mitigate the damages.
There is no question that 2016 data breaches are on pace to outstrip the record-setting figures of 2015. The ITRC has been reporting this increase all year in the US, with the latest June report indicating a 22% increase in number of data breaches. In the UK, Egress recently released their own study (based on an analysis of the security incidents reported to the ICO) indicating that same rise, broken down per industry, with 66% of business organizations experiencing a rise in data breaches over the past 3 years, while insurance firms saw the most dramatic rise, at 317%.
According to the new report, human error remains the top cause of data breaches, accounting for over 62% of all data breaches. This new data reiterates that while cyber attacks are on the rise, and data breaches are on the rise in both size and frequency, the root cause of these breaches remains the Insider Threat. Last month, Ponemon’s research indicated that 55% of organizations tied a security incident back to the Insider Threat.
Although we would like to blame individual employees when a breach occurs, there are often many factors that create an environment ripe to cause failures:
“Human error and data breach incidents continue to go hand-in-hand. Time and again we’re faced with this reality and yet as today’s statistics show, little effective action seems to have been taken to improve the situation. Clearly at a board level, mistakes continue to be made as priorities aren’t balanced, leaving companies exposed,” said Tony Pepper, CEO at Egress Software Technologies.
Experts agree that it is not just the fault of training, or technology, in preventing a data breach, but a combination of many factors:
People put data at risk, whether accidentally or maliciously. Creating a culture that fosters security is the first step. Implementing technology to gain visibility into where data resides, no matter where it resides is the next crucial step. A security policy only goes so far, when it’s being ignored (even by those who should know better!). Monitor and protect against malicious and negligent insiders, regardless of user, location or whether they’re on or off network with Absolute.