Internal Breaches: The threat that’s too close to home

There were 108.9 million accounts were breached in the third quarter of 2022. This is a 70% increase compared to the second quarter. However, despite a common belief that attacks mostly involve cyber espionage or are state-sponsored, our research found that 42% of security incidents actually come from inside the organization. Since the introduction of data protection laws, such as GDPR, it is compulsory for all businesses to actively protect sensitive data and so it is the responsibility of company executives and their departments in conjunction with IT to ensure that company data, wherever it resides, remains secure.

Whilst attacks from external hackers continue to present an ongoing danger to businesses, by unpacking these reported breaches, it is clear that the threat from within the organization is just as great.

With 65% of these internal incidents being identified as accidental or inadvertent, rather than malicious in intent, employees clearly pose a threat to their employer through day-to-day actions such as haphazardly sharing sensitive data across the internal network. The more people who have access to information the greater the risk of a leak.

With GDPR now in full effect, every department within an organization will need to recognize the potential security dangers associated with the data they use. Shared responsibility clauses within GDPR rules means that should a third party, who you have shared sensitive information with, lose the data, you are equally responsible as they are. This change makes it all the more important that staff members are aware of their own behavior and consequences when it comes to information protection.

In order to reduce the risk of an internal security breach, organizations must address employee use and education around data handling as a starting point.

Knowing what’s at stake

• Every department in a company holds critical data; whether that’s information on salaries held by finance or CVs of potential employees handled by HR. Employees in these departments must understand the ramifications if they were to leak data. Regular training and data security workshops will help educate employees about how to safeguard the data they handle and motivate them to care about the consequences of a breach, especially if they are held accountable.
• Dealing with sensitive information is not just under the remit of employees, it needs to include consultants and other third-party contractors inside the organization as well as other organization who are in the information supply chain.

Planning for data protection

• Alongside educating employees, organizations need to ensure they have policies and processes in the plan which ensure that data sharing between employees remains within the remit of compliance and will not cause a data breach. Policies around internal information distribution and what to do should you share critical data with an unauthorized colleague – also known as ‘the wrong Dave’ – must be implemented to give employees the greatest chance of reducing the risk they pose.
• In the event of a breach, or unauthorized data sharing there needs to be a process to resolve the problem quickly and in a manner which encourages reporting of incidents, rather than fear that there will be severe repercussions. Not reporting an incident, due to fear, could result in the incident becoming a serious issue with all the repercussions on the business that data loss can have.

Securing the network

• As much as educating people and defining policies across the organization is extremely important in minimizing insider security threats, people will always make mistakes at one point or another. Therefore, implementing technologies which act as a safety net is important – it will enforce the policies and protect the people, ensuring critical information remains safe at all times. While many organizations tie-down access control to fileservers and collaboration application such as SharePoint, internal email is frequently forgotten about as a way anyone can send anything to anybody. Clearswift’s Secure Exchange Gateway (SXG) ensures critical information is protected and compliance is maintained by detecting and preventing unauthorized sharing of content. Using Adaptive Redaction functionality, SXG identifies violations in conversations or documents and can automatically remove the sensitive data as it passes within a company’s Microsoft exchange network.