As we’ve covered in this blog in quite some depth, mitigating insider threat isn’t easy. Workers who are given trusted access to applications and data oftentimes sit in a great position to abuse that trust – either maliciously or unintentionally. After all, they usually know where the organization’s most valuable data resides. Unfortunately, the challenges we’ve seen to date are only the beginning. Our newly released 2020 Data Exposure Report reveals how cloud-based collaboration tools have forever transformed the way staffers share information and collaborate with their peers. As our report found, employees are now relying on countless numbers of messaging apps, file transfer services, and cloud apps to share data within — and without — their organizations.
Sure, employees have been sharing in ways that they shouldn’t, such as with corporate or personal email, for decades. But email is relatively easier to monitor than all of these new communication services and ways to collaborate. Today, email is but a portion of how staffers collaborate on data files. Employees today are using every app and cloud service they can as they try to work and be productive in ways that are most convenient to them.
This trend is undoubtedly giving security professionals heartburn. According to this survey, which is based on 4,505 knowledge workers in the U.S., U.K. and Germany, Austria, and Switzerland, staffers regularly rely on both cloud services that they’re authorized to use — and those that they aren’t. In fact, the survey found that 37% of respondents use unauthorized apps daily to share enterprise data and collaborate on work.
What unauthorized apps are employees using?
What unauthorized apps and services are insiders using to sidestep security policy, and why do they avoid those apps that have been sanctioned? Respondents said that they avoid enterprise approved apps because they find them complicated, slow and insufficient. The unapproved apps they turn to most often include WhatsApp (34%), Google Drive (30%), Facebook (29%) and personal email (26%).
This changing nature of how workers collaborate and the varying tools they use is proving too great a match for traditional insider threat programs. Too many insider threat programs today don’t have the ability to provide security teams the actionable insights they need to identify and mitigate data leaks. This is true whether those leaks are intentional or accidental.
This survey highlights just how far behind most enterprises are when it comes to reining in the risks associated with data loss, especially with both the growing collaborative work culture and as employees change jobs. As we’ve covered in depth over recent months, departing employees are a significant risk. Our survey confirms this.
The survey found that 51% of those surveyed believe that organizations overlook the risk to corporate data and that such risk is a more significant threat than they realize. Consider this: 65% of our respondents admitted that they have repeatedly taken data from former employers, and about one-third of those respondents said that they were encouraged by their new employers to share their infiltrated data with their new co-workers!
Still aren’t convinced that enterprises aren’t taking the departing employee risk seriously? Don’t just take my word for it. Rely on our survey, which found that 87% of employees surveyed said that their former employer did not verify whether they took data with them as they left.
If enterprises are going to successfully secure the collaboration culture and their data — and effectively mitigate insider threat — they are going to have to make significant adjustments in their approach to data security. They are going to have to find ways to detect and examine how data files are moving across endpoints and cloud services.
These data sharing and work collaboration trends are only going to increase in the years ahead. In fact, the pace of these trends will accelerate as more workers continue to collaborate how they want wherever there’s an Internet connection. Interestingly, despite an increased emphasis on file-sharing, 36% of workers have grown more complacent about data security. Finally, this survey confirmed what we already knew – that departing employees and insiders pose significant risks to data security whether they intend to or not. But, it also unearthed a few new nuggets. That includes, stunningly, many employers encouraging the use of data brought from new hires from their previous employers. The survey also uncovered how employees believe that the collaboration culture is making employees even more complacent when it comes to data security. And, ultimately, the survey showed that traditional data loss prevention tools just don’t work, especially in this age of job changing, and increased collaboration and file sharing. Don’t forget to get your copy of the full report, here.