Insider Data Theft on the Rise

Rapid advances in technology—coupled with tech’s rising complexity—often leave many businesses with limited cybersecurity and vulnerable to attacks. IT and security personnel are constantly fighting against ransomware and phishing, yet they may be at risk of betrayal from other employees.

According to a report by research firm Aberdeen Group, Understanding Your Insider Risk and the Value of Your IP, organizations should expect a surge in corporate data loss and exfiltration. Despite a few high-profile lawsuits in favor of organizations betrayed by insiders, a good percentage of employees still don’t see much problem in taking data or intellectual property (IP) with them to their next employer.

Reasons for data theft

The combination of widespread adoption by insiders of personal cloud-based applications, employee turnover, authorized access by contractors and third parties, and an increasingly hybrid workforce results in an average of 13 daily exposure events per user, according to Aberdeen.

Moreover, Aberdeen’s research reveals that at least one in three reported data breaches involves an insider, which can cost companies up to 20 percent of annual revenue per year.

In addition, Aberdeen discovered that 75 percent of organizations don’t have consistent, centralized visibility into their environments. They saw that most lack the tools necessary for visibility into how much enterprise file movement the organization has and how frequently valuable files are exposed by legitimate users carrying out their day-to-day activities.

“Valuable enterprise files are always on the move in support of initiatives for productivity, collaboration, digital transformation, and intelligent automation,” said Derek Brink, an analyst at Aberdeen. “The past three years have shown that potential data loss or exposure is more likely to succeed on endpoints than on servers and it’s getting worse.”

Resignations increase risk

When COVID-19 hit, a lot of personnel were let go—including many in IT. A year or more later, organizations are struggling to tempt people back into the workforce and persuade workers to return to the office.

If the Aberdeen forecast is correct, there already have been—and will continue to be—a great many attempts to take data and IP out of the company.

The Microsoft 2021 Work Trend Index has documented these disturbing trends from the employer’s perspective. The report notes that 40 percent of people surveyed plan to change jobs this year. Other data points to highlight:

  • In IT, 14 percent of those switching jobs want a role at a different company
  • 11 percent want to start a business
  • 11 percent intend to become part-time
  • 10 percent are either moving locations or becoming a contractor
  • 8 percent intend to abandon IT completely

Those numbers have many business leaders worried about data theft. Some employees may try to use it when they start new businesses or become contractors, and others may use it to lure a potential employer to take them on, especially in the case of customer databases. 

Protecting your data from insider threats

As changes in employment caused by the great resignation increase, IT teams should be prepared for insider threats. Businesses may even want to consider implementing security solutions that will increase visibility on file activity and insider risk.

Insider risk management software can offer better visibility into corporate file movement, vectors, and user activity to ensure product specs, customer pricing plans, and source code isn’t being moved to an untrusted or unrecognized place. Some platforms can also allow security teams to mitigate file exposure and exfiltration risks without disrupting legitimate work and collaboration.

Read next: Best Risk Management Software

Drew Robb
Drew Robb
Drew Robb has been writing about IT and engineering for more than 25 years. Originally from Scotland, he now lives in Florida.

Latest Articles