IN THIS ISSUE
Three research reports published this year confirm for a wide range of industries and geographies what the Healthcare Breach Barometer we examined last month found for healthcare: the source of a data breach is statistically more likely to be an employee than an outsider, such as a hacker. Given the additional data, we continue to advise that, in addition to technological solutions for securing sensitive data, a company’s data security strategy also should include robust employee communications and training on the appropriate handling of sensitive information. However, the research also indicates a significant gap between the actual source of most data breaches and executives’ perceptions of the most likely source of breaches.
THE CYBER THREAT GAP: MORE DATA ON INSIDER VS. OUTSIDER BREACHES
In last month’s issue of the Cybersecurity Monitor, we analyzed the findings of a new Healthcare Breach Barometer (Barometer). We noted in particular that, in the first six months of 2016, the majority of reported cyber breach incidents (58.6 percent) involved employees. Less than half (41.4 percent) involved hacking (including malware and ransomware). The July Barometer found an even greater gap. Of the 39 reported incidents, 61.6 percent involved employees, while only 28.2 percent involved hacking.
This gap between “insider” and “outsider” breaches is not specific to healthcare. According to three research reports published this year, the gap can be found across industries as well as geographies.
- IBM’s 2016 Cyber Security Intelligence Index, which was published in April, found that, in 2015, 60 percent of breaches involved insiders – whether inadvertent actors (15.5 percent) or malicious insiders (44.5 percent) – while 40 percent involved outsiders. IBM’s findings were based on data from more than 8,000 clients in over 100 countries.
- Accenture’s June report, The State of Cybersecurity and Digital Trust in 2016, found that 69 percent of the 208 companies surveyed experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months. By comparison, 57 percent said they had experienced similar risks from outsiders. In addition, 48 percent of respondents indicated they were strongly or critically concerned about insider data theft and malware infections in the next 12 to 18 months.
- A Ponemon Institute research report published in August found that, of the approximately 50,000 IT practitioners surveyed in the U.S., United Kingdom, Germany, and France, 63 percent said insiders were most likely to cause the compromise of insider accounts.
In the light of these four publications, we decided to look back at the media coverage of this summer’s cyber breach incidents. To give just a sampling of the headlines:
“Acer store flaw let a hacker steal a year's worth of credit cards,” ZDNet, June 17
“Hard Rock Las Vegas Reports Card Data Breach,” Wall Street Journal, June 27
“Wendy’s Says About 20% of U.S. Franchise Stores Affected by Cyberattack,” Wall Street Journal, July 7
“Most companies still can't spot incoming cyberattacks,” ZDNet, July 18
“Hackers take aim at small banks and credit unions,” Property Casualty 360, August 1
“20 hotels suffer hack costing tens of thousands their credit card information,” Ars Technica, August 15
While our review was in no way systematic, a pattern does suggest itself: outsider intrusions, especially hacks, earn headlines more readily than insider breaches do.
There may be any number of reasons why the media focuses more on outsider threats. We suggest one: the media’s focus reflects the cybersecurity priorities of corporate executives. The Ponemon Institute, for instance, found that, despite nearly two-thirds of respondents saying insiders were the most likely source of data breaches, more also said outsider threats worry their companies most. Similarly, Accenture found that respondents are equally concerned about outsider and insider threats in the coming 12-18 months, even though insiders accounted for more data breaches in the previous 12-18 months.
The research establishes a strong case that, statistically, data breaches are more likely to involve insiders than outsiders. It also indicates a significant gap between the actual source of most data breaches and executives’ perceptions of the most likely source of breaches. Cybersecurity training for employees is one of the most important steps a company can take to protect itself. Yet as long as executives believe the biggest cyber threats are external, they are less likely to prioritize internal training.