Here’s an attention-grabbing statistic: 63% of data breaches are caused by employees who’ve failed to secure company assets in accordance with their organization’s security policies. Not good news for IT managers who’ve already got their hands full fending off external attacks.
Lost or misplaced corporate assets, stolen laptops and smartphones and “inadvertent misuse” of access privileges and equipment give IT more headaches than would-be data thieves, according to a new research report from Forrester.
The survey of more than 7,000 employees from North America and Europe found only 25% of data breaches are the result of external attacks. The percentage of data breaches caused by people on the inside who meant to cause harm was even lower (12%). The rest were blamed on negligent users.
What kind of data is being compromised? Of the cases reported by those polled, Forrester found:
- 22% included employee and customer data
- 19% included intellectual property, and
- 11% included usernames and passwords.
Many of the participants in Forrester’s survey said although they have security policies in place, they don’t have the proper tools to enforce them.
BYOD just making matters worse
What’s more, the consumerization and BYOD trends aren’t helping matters any. When asked about their mobile security concerns:
- 30% said the separation between personal and company data on mobile devices is inadequate
- 39% said they worry about weak data leak protection on mobile devices
- 50% said they worry about physical theft, and
- 25% said they don’t have any data protection implemented on devices other than native features like passwords or passcodes and remote lock-and-wipe.
So it seems that BYOD is only adding to the risk of internal data breaches. Given that the study found just 56% of the employees surveyed were aware of their company’s current security policies, it’s probably a good idea to review security best practices with your users before issuing them mobile devices or allowing them to bring their own to work.