Headlines about large-scale data breaches are an almost expected occurrence in mainstream media today, but a new study shows that IT professionals are just as concerned about the less publicized and more prevalent data leaks.
While not as attention-grabbing as malicious data breaches, data leaks offer their own set of concerns and challenges for organizations handling sensitive and confidential information.
The study, the 2015 State of File Collaboration Security, conducted by Enterprise Management Associates (EMA) on behalf of file security company FinalCode, reported that 80 percent of information security professionals have experienced a data leak.
The term “data leak” pertains to any information that is shared inappropriately, sent to the wrong email address, stored on a computer that was lost or stolen, or compromised through a general system security gap.
David Monahan, research director for security and risk management with EMA, said a majority of the 150 participants from mid-market and enterprise markets reported data loss as a substantial concern, while the minority reported moderate concern on the topic.
“The thing that stood out to me the most, in terms of setting the tone of what’s going on in the marketplace, was the fact that everybody was concerned about data and file loss due to either inappropriate sharing or unauthorized access,” he said. “Seventy-five percent came out as very concerned to concerned, and 25 percent were moderately concerned.”
The researcher said he expected to see the opposite.
Perhaps more telling than concern about leaks was the fact that a large portion of respondents had actually experienced file losses and more than half experience leaks regularly within their organizations.
“Within the study, 83 percent of the people said they had some kind of significant file leakage via either insider-to-outsider or insider-to-insider. Fifty percent [of respondents] said that happens frequently in their organization.”
Monahan said while the incidents were not malicious in their intent, they still pose a significant risk to the integrity of information security.
“The respondents, when you look at inappropriate sharing via insiders-to-external organizations … those were the highest concerns over hackers and malware. So people believe those are happening inside their organizations very often,” he said.
The researcher said intuitive file access controls could help to curb unauthorized sharing when coupled with policy best practices.
From the file security industry end of the discussion, Scott Gordon, COO of FinalCode, said in many cases security ends once a file is shared. The FinalCode platform offers persistent user and file access controls in addition to existing security initiatives.
While the sender’s organization may have security controls in place, Gordon said there is no guarantee of what will become of the file at its final destination.
“What essentially is the new data leakage frontier is unstructured data,” he said. “… And the question becomes, once that data leaves the safeguard of a perimeter or a container, you lose security, you lose auditability, tracking and potentially lose integrity.”
Despite the industry participants being well aware of the challenges facing them in file security, Gordon said their confidence in their existing file management is limited.
“We actually thought those folks would not have an appreciation for how big the issue is. We were intrigued by the fact that everybody is concerned about this risk. People are seeing that this is happening more frequently than not,” he said. “Only 60 percent of folks that are managing this risk were only moderately confident in their controls for monitoring, reporting and auditing.”
Though there is no silver bullet cure, Gordon said the majority of companies involved in the study are investing in greater internal-to-internal and internal-to-external file security solutions.