From Ponemon Institute
Nearly three-quarters of surveyed organizations are not confident in their ability to manage and control employee access to confidential documents and files.
The results are in the latest Ponemon Institute survey titled, “Risky Business: How Company Insiders Put High Value Information at Risk,” released this week by Fasoo, Inc.
The institute surveyed 637 U.S. IT security practitioners familiar with their organization’s approach to protecting data, documents and files against cyberattacks. All organizations surveyed use some type of document and file-level security tools.
“What should be concerning to C-level executives and corporate boards is that most organizations have no idea where mission-critical information is located on the corporate network, who has access and what they are doing with that information,” said Bill Blake, Fasoo’s president.
Key findings from the study include:
- Company insiders are the biggest threat – The primary cause of data breaches experienced by companies was the careless employee (56 percent) followed by the lost or stolen device (37 percent).
- Locating the crown jewels – Almost 70 percent of respondents do not know where confidential information is located and more than 60 percent don’t have visibility into what confidential documents and files employees are sharing.
- Where are the leaks – Seventy-three percent responded that it was likely their organization had lost some confidential information over the past 12 months. Half of all respondents say their organization is highly effective in preventing leakage by external attackers and hackers yet less than half are as confident in preventing data leakage by careless employees.
- Highest risk departments – Sales departments pose the greatest risk to information assets, both structured (69 percent) and unstructured data (58 percent). C-level executives and Human Resources (79 percent) account for more than half of unstructured data risk while Human Resources and Finance and Accounting (71 percent) pose more risk with structured data.
- Setting policies and enforcing them – Eighty-three percent of organizations struggle with determining the appropriate level of confidentiality documents and files should possess. Determination is based on data type, policies or data usage, but only 13 percent use access as the determining factor while only 16 percent are using a content management system. Even if the organization has properly identified confidentiality, only 15 percent of respondents are confident that they are highly effective in limiting access.