Australian organisations are losing data at an alarming rate and careless users are the number one cause.
A new report from Proofpoint has shed light on the main causes of data loss inside Australian companies, and the number one cause is not what you might think…
It’s not hackers that are the problem; it’s the users of that data inside an organisation who tend to be the main cause of data loss.
According to Proofpoint’s Data Loss Landscape report – which surveyed 600 security professionals at organisations with more than 1,000 employees across 17 industries from 12 countries, including Australia – the bulk of all data loss events are caused by a small number of privileged users.
“This research illuminates the most critical aspect of the data loss problem: its human causes,” Ryan Kalember, chief strategy officer at Proofpoint, said in a statement.
“Careless, compromised, and malicious users are and will continue to be responsible for the vast majority of incidents, all while GenAI tools are absorbing common tasks – and gaining access to confidential data in the process. Organisations need to rethink their DLP strategies to address the underlying cause of data loss – people’s actions – so they can detect, investigate, and respond to threats across all channels their employees are using including cloud, endpoint, email, and web.”
The hard numbers are stark. The survey found that, globally, 1 per cent of users were responsible for 88 per cent of data loss events. Looking at Australian organisations, 70 per cent of respondents felt that employees such as finance professionals and HR specialists, who have the most access to sensitive data, represented the greatest threat.
The survey also found that Australian organisations suffer a mean average of 19 data loss events in a single year, and 66 per cent of those were caused by “careless users” falling victim to phishing sites, misdirecting emails, or installing non-business software.
Proofpoint found that departing employees were a particular risk. Globally, 87 per cent of anomalous file exfiltration events from cloud environments were caused by employees leaving the organisation; not necessarily maliciously, either. Some employees simply think they’re entitled to take information with them.
Unsurprisingly, one of the biggest areas of concern is the growth of generative AI, as more and more users plug sensitive data into tools such as ChatGPT.
“Emerging channels underscore the importance of regularly reviewing DLP programs, as these types of rapid developments change user behaviours,” Kalember said.
“Strategies such as implementing purpose-built DLP platforms can help advance security programs by enabling security teams to gain full user and data visibility into all incidents and address the full spectrum of human-centric data loss scenarios. Humans are a critical data security variable – and data loss prevention programs must recognise this.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.