The state of data security can be summed up by this troubling discord: breaches and security incidents continue rising, even as companies dedicate more resources to stopping them. The pandemic has made this situation even worse. The shift to work from home has created a growing reliance on collaborative technology, moved data off the corporate network and in many cases off the radar for security teams. The end result? More insider threat incidents.
Even before the pandemic, reports from the first half of 2019 show that overall data breaches were growing by 54%— and the Ponemon Institute found that insider threat incidents increased by 47% over the last two years. These incidents are taking longer than ever to discover — an average of 279 days. However, these growing problems are not for lack of awareness or action.
To better understand this dissonance, Code42 recently commissioned Forrester to conduct a survey of IT and Security leaders, representing businesses with more than 1,000 employees and a variety of industries. They sought to understand what security priorities companies are focused on, what tools they are using to address their goals and what challenges they’re encountering. The results show that the tools security teams are using are not aligned with their changing priorities related to securing the collaboration culture. Specifically, for companies using DLP and CASB tools in their insider threat programs, less than one in four said these tools were significantly helping them — and nearly half (43%) said that DLP and CASB tools were hurting their efforts.
Policy-based tools create headaches for teams, given their complexities and the time to manage them. Among the respondents with DLP and CASB tools, 77% said the capabilities are too difficult to implement, maintain and administer, and 55% said they lack the time or personnel to manage the tools. This can lead to blind spots for security and IT teams, as they can’t keep up with the file movements within the organization.
Clearly, something has to change in the approach and tools companies use to address insider threats. To dig deeper into the results and the implications of changing data security priorities, check out the full Forrester survey results and Code42’s takeaways.