Most people’s parents taught them that honesty was a virtue. The quotation ‘Honesty is the best policy’ is attributed to Benjamin Franklin, although the use of the word ‘policy’ may make people at Lloyd’s of London grimace as they pay out on an estimated £2.1 billion of insurance fraud every year.
Data breaches which are reported are just the tip of a very large iceberg waiting to cause disaster to organisations and people. The Verizon 2013 Data Breach Investigations Report, a very well researched and amusingly (yes, really) written report, finds that most of its respondents identify external threats as the most common and that only 14% of incidents reported are from ‘insiders’.
But let us look at the psychology behind these figures and behaviour. Willis, in their ‘Fortune 1000 Cyber Disclosure report’, noted that 17% of all the top Fortune 1000 had reported no incidents at all. The survey also stated that the 1000 companies rated privacy/data loss, reputational risk and malicious internal acts as their top three IT concerns. CIFAS report that insider breaches were 43% up in 2012 from 2011. Iron Mountain suggest that an investigation they undertook found that 8% of dissatisfied employees would actively breach data rules, either by stealing IP or by causing data issues as revenge! And companies, like turkeys, are not going to vote for Christmas and report internal incidents, which do nothing but harm to their reputations and, in some cases, their pockets.
So, despite the reluctance of top companies to admit to issues or to report them, the ICO has compiled figures which show that, of the actual reports it has received, over 52% concern data released or disclosed in error. Inside issues.
Most people are in fact honest and would not deliberately breach data rules or company policy regarding people’s information or secure data. But today’s working habits often lead to situations where accidents are just waiting to happen. How many teachers could survive their hectic and difficult working lives without bringing planning, marking or research work home? That work is often sent from the corporate email straight to the employee’s private email system, ‘private’ being a very loose use of the word when Hotmail, Google, AOL and so on are the ‘private’ systems.
The hot desk system brings efficiencies, excellent in real estate terms, but it is not so hot when a person has in their possession copies of job applicants’ details, passports, driving licences and so on but has nowhere to keep them safely. They probably end up in that spare room or study at home!
So it actually boils down to a simple fact. Companies are seriously at risk from outside threats (hacking, malware, breaches) and are reacting strongly to them. Balancing the accessibility of data and its use by an organisation against the need to keep that data secure is not an easy task, but the real elephant in the room is the insider threat. Comparing the two, the latter is technically easier to fix: perhaps culturally more difficult, but possible.
If you want help fixing your insider threat and looking at solutions, talk to us.
Blog by Peter Lyne, Director, Apperception.