Four out of five organizations around the world (85%) suffered at least one data loss incident last year.
This is according to a new report from cybersecurity researchers Proofpoint, which says that most of the time, it’s not the computers’ fault – it’s ours.
Earlier this week, Proofpoint published its inaugural Data Loss Landscape report. This paper, which explores how current approaches to data loss prevention (DLP) are holding up against macro challenges, is based on a survey of 600 security professionals working in large enterprises, as well as data from the company’s Information Protection Platform, and Tessian.
The human factor is again to blame
According to the report, data loss is usually the result of poor interactions between humans and machines. “Careless users” are much more likely to cause data incidents, than compromised or otherwise misconfigured systems.
Proofpoint further claims that many organizations are happy to invest in DLP solutions, but these investments are “often inadequate”. Of all the organizations that suffered a data loss incident, almost nine in ten (86%) faced negative outcomes, such as business disruptions, or revenue losses (reported by more than half – 57% – of affected firms).
“Careless, compromised, and malicious users are and will continue to be responsible for the vast majority of incidents, all while GenAI tools are absorbing common tasks—and gaining access to confidential data in the process,” commented Ryan Kalember, chief strategy officer, Proofpoint. “Organizations need to rethink their DLP strategies to address the underlying cause of data-loss—people’s actions—so they can detect, investigate, and respond to threats across all channels their employees are using including cloud, endpoint, email, and web.”
Misconfigured databases – incidents in which employees, for example, forget to set up a password for a major database, are one of the most common causes of data leaks.
Over the years, we’ve witnessed millions of people lose their sensitive information that way. For example, early this year, Cybernews found an unprotected database holding sensitive information on the entire population of Brazil. Another example is a BMW security error that resulted in the leak of sensitive information belonging to its customers.