“You name it, we have seen it,” he said. “Salespeople are taking data from Salesforce and uploading it to Dropbox. Finance people are taking corporate financial information and emailing it to their Yahoo accounts. HR folks are using Airdrop to take sensitive salary data. But the fastest growing and scariest incidents we are seeing recently are software developers pushing source code to their own personal cloud repos (like Gitlab or GitHub) using git commands on their endpoint.”
While almost all (99%) of the respondents said their company has a data protection system in place, 78% of cybersecurity leaders admit they have still had sensitive data breached, leaked, or exposed in 2023. Findings also revealed that over the last 12 months, 55% of insider-driven data exposure, loss, leak, and theft events have been intentional, while 45% were unintentional.
Under-skilled and distributed workforce a challenge
Seventy-nine percent of the respondents said their cybersecurity team suffers a skill shortage, leading their companies to turn to AI (83%), of which 92% depended on GenAI tools. These leads to potential insider threats.
Additionally, 73% of the respondents stated that data regulations are unclear, while another (68%) are not fully confident their company is complying with new data protection laws.
“Unclear guidelines may be generic or broad-based regulations that make it difficult to know what technology and processes would make an organization compliant,” Payne explained. “Auditors and cybersecurity teams need to work together to meet compliance requirements in a way that aligns with the needs of their company.”
According to Payne, the three leading factors contributing to insider-driven data losses are the high portability of data, multiple exfiltration channels available in most organizations, and a completely distributed workforce.