Email revealed to be riskiest channel for data loss

More
than
half
(60%)
of
organisations
experienced
data
loss
or
exfiltration
caused
by
an
employee
mistake
on
email
in
the
last
12
months,
according
to
new
research
from
the
Ponemon
Institute,
and
sponsored
by
Tessian.

Email revealed to be riskiest channel for data loss

More
than
half
(60%)
of
organisations
experienced
data
loss
or
exfiltration
caused
by
an
employee
mistake
on
email
in
the
last
12
months,
according
to
new
research
from
the
Ponemon
Institute,
and
sponsored
by
Tessian.

Email
was
revealed
as
the
riskiest
channel
for
data
loss
in
organisations,
as
stated
by
65%
of
IT
security
practitioners.
This
was
closely
followed
by
cloud
file-sharing
services
(62%)
and
instant
messaging
platforms
(57%).

The
Ponemon
Institute
surveyed
614
IT
security
practitioners
across
the
globe
to
also
reveal
that:

  • Employee
    negligence
    was
    the
    leading
    cause
    of
    data
    loss
    incidents
    (40%),
    in
    the
    last
    12
    months
  • More
    than
    a
    quarter
    (27%)
    of
    data
    loss
    incidents
    are
    caused
    by
    malicious
    insiders
  • It
    takes
    up
    to
    three
    days
    for
    security
    and
    risk
    management
    teams
    to
    detect
    and
    remediate
    a
    data
    loss
    and
    exfiltration
    incident
    caused
    by
    a
    malicious
    insider
    on
    email
  • Almost
    one
    in
    four
    (23%)
    organisations
    experience
    up
    to
    30
    security
    incidents
    involving
    employees’
    use
    of
    email
    every
    month

Furthermore,
the
majority
of
respondents
(54%)
said
that
the
primary
barrier
to
securing
sensitive
company
data
is
the
lack
of
visibility
of
sensitive
data
that
is
transferred
from
the
network
to
personal
email.

The
study
also
found
52%
of
respondents
say
it
is
the
inability
to
detect
anomalous
employee
data
handling
behaviours
and
the
inability
to
identify
legitimate
data
loss
incidents.

Due
to
this
lack
of
visibility,
it
can
take
IT
security
teams
almost
three
days
(72
hours)
to
detect
and
remediate
a
data
loss
and
exfiltration
incident
caused
by
a
malicious
insider
on
email
and
up
to
two
days
(48
hours)
to
detect
and
remediate
an
incident
caused
by
employees.

The
report
revealed
that
the
majority
of
organisations
(73%)
are
concerned
that
employees
do
not
understand
the
sensitivity
or
confidentiality
of
data
they
share
through
email.

Despite
these
findings,
nearly
half
of
IT
security
leaders
surveyed
(46%)
say
their
programs
properly
address
the
sensitivity
and
confidentiality
of
the
data
that
employees
can
access
on
email.

Josh
Yavor,
chief
information
security
officer
for
Tessian,
commented,
“Most
security
awareness
training
programs
focus
on
inbound
threats,
yet
fail
to
adequately
address
the
handling
of
sensitive
data
internally.
But
data
loss

whether
accidental
or
intentional

is
a
major
threat
and
should
be
treated
as
a
top
priority.

“To
create
awareness
and
mitigate
data
loss
incidents,
organisations
need
to
be
proactive
in
delivering
effective
data
loss
prevention
training
while
also
gaining
greater
visibility
into
how
employees
handle
company
data.

“Security
awareness
training
that
directly
addresses
common
types
of
data
loss

including
what’s
okay
to
share
with
personal
accounts
and
what’s
not
okay
to
take
with
you
when
you
leave
a
company

and
a
culture
that
builds
trust
and
confidence
among
employees
will
improve
security
behaviours
and
limit
the
amount
of
data
that
flows
out
of
the
organisation.”

Larry
Ponemon,
chairman
and
founder
of
Ponemon
Institute,
says,
“This
study
showcases
the
severity
of
data
loss
on
email
and
the
implications
it
has
for
modern
enterprises.

“Our
findings
prove
the
lack
of
visibility
organisations
have
into
sensitive
data,
how
risky
employee
behaviour
can
be
on
email
and
why
enterprises
should
view
data
loss
prevention
as
a
top
business
priority.”

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.