Saturday, September 26, 2020

ESET-3 types of employees that can cause a data breach

When it comes to cybercrime, it’s easy to imagine that the biggest threat to a company is external. However, more and more companies are realizing that trusted and trained employees can also pose an enormous threat.

Indeed, a recent report by Haystax Technology discovered that 74% of organizations questioned “feel vulnerable to insider threats,” with 56% of security professionals certain that “insider threats have become more frequent” over the past year.

While some attacks and breaches are caused by employees with a grudge, many also occur due to negligence – perhaps ignoring a warning; failing to follow procedure – or simple human error. ESET, the global pioneer of proactive security software and protection solutions has identified three types of employees that can cause a data breach.

  1. Innocent actions

When it comes to breach of data, innocent workers can cause as much damage as malicious hackers; a lesson learned by local authorities in Norfolk, Suffolk and Cambridgeshire, UK, which recorded over 160 data breaches between 2014 and 2015, the majority due to human error (including mobile phones being lost, letters being misaddressed and even a filing cabinet containing sensitive data being sold to a third party).

Another example can be seen with the 2016 data breach at the American firm Federal Deposit Insurance Corp. (FDIC). In this instance, an innocent former employee “inadvertently and without malicious intent” downloaded sensitive data onto a personal storage device.

With cases like those above, it is hardly surprising that 74% of those surveyed by Haystax were most concerned about this type of inadvertent data breach.

  1. Careless or negligent?

Users know the security warning that flashes up on their screen – do they always take immediate action? A survey by Google in 2013 discovered that 25 million Chrome warnings were ignored by 70.2% of the time partly due to users’ lack of technical knowledge, which led to the tech giant simplifying language it uses for its warnings.

  1. Malicious

Unfortunately, as well as human error, malicious actions by employees also play a part in insider data breaches. This is illustrated by the story of the UK’s communications regulator OFCOM, which discovered in 2016 that a former employee had sneakily been gathering its third-party data. Shockingly, the malicious activity had been taking place over a six-year period.

UK supermarket giant Morrisons also reportedly fell foul of a disgruntled employee who posted the personal data of nearly 100,000 of its staff on the internet. Although the incident occurred in 2014, the company is still facing the prospect of further legal action by staff over the breach.

What can be done?

According to a 2016 survey, 93% of respondents consider human behavior to be the greatest risk to data protection. Nuix, which commissioned the survey, believes that corporations may start reprimanding employees who “misunderstand, misinterpret, or miscalculate longstanding security policies and procedures”.

And with the impact of a data leak causing damage to businesses, including financial losses and the damage to a firm’s reputation, it’s unsurprising that companies are open to finding ways to mitigate and limit computer misuse.

Increase employee awareness

Perhaps the most logical step for employers is to ensure that all employees are aware of the potential impact of their actions, and how to avoid inadvertent data loss. It is also important to involve all employees in appropriate training, rather than simply those involved directly with IT. 

Keep information safe

According to ESET’s Stephen Cobb, “there are a million reasons to encrypt data”. While not embraced by all, encrypting data could be an important part of preventing data loss. 

Monitor data, and behaviours

Keeping a close eye on computer use and the behaviours of individuals should enable businesses to remain aware of and identify unusual or risky activity. BOYD (bring your own device) schemes which operate in many companies should also be carefully monitored and controlled.

Look to the future

With the risk posed by employees – however innocent – potentially catastrophic to business, it is hardly surprising that employers seem set to take a much tougher approach to insider security threats in future years.


Towards Creating Career Opportunities: Interview with Pakiza Abdulrahman

Bahrain Economic Development Board is an investment promotion agency chaired by His Royal Highness Prince Salman bin Hamad Al Khalifa, the Crown Prince, Deputy Supreme...

Plans to improve electricity, water services discussed

Electricity and Water Affairs Minister, Wael bin Nasser Al-Mubarak, received here today the representative of the third constituency of the Northern Governorate at the...

BRAVE CF 42 full fight card released with 12 nations represented and the Flyweight Tournament quarter-finals

BRAVE Combat Federation returns to the Kingdom of Bahrain, for the second consecutive week with BRAVE CF 42, on September 24th. The promotion released the full...

HH Shaikh Nasser bin Hamad receives INJAZ Bahrain Board Chairperson

Representative of His Majesty the King for Humanitarian Work and Youth Affairs His Highness Shaikh Nasser bin Hamad Al Khalifa received Board Chairperson of...

KHK MMA dominates at BRAVE CF 41 with four huge victories

BRAVE Combat Federation hosted the first of three groundbreaking events last Thursday in the Kingdom of Bahrain, with seven bouts taking place behind closed...

BD 150,000 ‘Shop & Win’ anniversary bonanza

Lulu Hypermarket is celebrating its 13th anniversary of being a retail leader in the Kingdom of Bahrain with a grand ‘Shop and Win’ e-raffle...

Health Ministry: target of 6000 volunteers reached

A total of 6000 people hailing from different nationalities have volunteered for the phase III COVID-19 vaccine clinical trials. The Ministry of Health has announced...

Gulf Air Resumes Direct Flights to Dhaka

Gulf Air, the national carrier of the Kingdom of Bahrain, announces that it has resumed its direct flights to and from Dhaka’s Hazrat Shahjalal...

Gulf Air Appoints Bahraini Country Manager in Kuwait

Gulf Air, the national carrier of the Kingdom of Bahrain, announces that it has appointed Mr. Mohamed Ibrahim Al Hamer as a Country Manager...

Batelco Launches Unlimited Business Mobile Packages

Batelco has unveiled its latest business mobile packages in a complete refresh of its existing packages, targeted at business customers including entrepreneurs, SMEs and...

Driver License and Vehicle Certificates Can Now Be Issued Via!

Having earlier introduced a number of traffic services such as Payment of Traffic Conventions and Issuance of International Driving Licenses, the National Portal

GLOMAT – The First Thai-Bahrain Hybrid Virtual Business Meeting

The Royal Thai Embassy, in cooperation with the Office of SMEs Promotion (OSMEP) Thailand, Institution of Small and Medium Enterprises Development of Thailand and...

Health Minister urges compliance to reduce COVID-19 infections

Health Minister Faeqa bint Said Al-Saleh urged full compliance with the mandatory precautionary measures to curb the spread of the novel coronavirus (COVID-19). She called...

The National Medical Taskforce for Combating the Coronavirus (COVID-19) provided an update on the COVID-19 response in the Kingdom

The National Medical Taskforce for Combating the Coronavirus (COVID-19) today held a press conference at the Crown Prince Centre for Training and Medical Research...

Education Minister participates in virtual meeting

Minister of Education Dr. Majid bin Ali Al Nuaimi participated in the Arab Education Ministers meeting on endorsing the document of developing education in...