Code42 recently concluded its 2021 Data Exposure Report, which surveyed U.S. business decision makers and IT security leaders. The report uncovered the factors that are leading to the growing problem of Insider Risk, including analysis of data loss after COVID-19, the challenges of building a program to address these risks, and why operating in maintenance mode with outdated tools may be a sunk cost to leave in 2020. The company has also released a second volume to the report, uncovering even more details.
To find out more about this report and its findings, VMblog reached out to Mark Wojtasiak, VP, Portfolio Marketing, Code42.
VMblog: Code42 recently released its 2021 Data
Exposure Report. Can you provide an overview of the study and what it covers?
Mark Wojtasiak: At Code42, we focus on highlighting
the importance of Insider Risk Management to protect company data and IP from exposure
caused by anything from well-intentioned actions by employees to malicious
activity like a departing employee taking source code to a competitor. For the
2021 Data Exposure Report, we focused on how COVID-19 has impacted data
protection practices. What we've found is that COVID-19 has created the perfect
storm for Insider Risk to spread like wildfire as companies have had to adapt
to fully remote workforces. Employees are logging on through home networks,
collaborating over the cloud and are outside of traditional security
ecosystems. The Data Exposure Report found that both business and security
leaders are allowing massive Insider Risk problems to mature in the aftermath
of the significant workplace shift in the past year. In this report, we examine
a number of factors, which we believe are leading to this growing threat.
We recently released a second
volume of the report, which centers around how data loss prevention (DLP) is no
longer an effective solution in mitigating Insider Risk and how to better
security risk management data, especially as employees continue to work
remotely.
VMblog: What are some of the key findings from the study?
Wojtasiak: Volume 1 of The 2021 Data Exposure
Report found that employees are 85% more likely today to leak files than they
were pre-COVID. Since the start of the pandemic, 61% of IT security leaders
said their remote workforce was the cause of a data breach. Security teams are
operating in maintenance mode with outdated tools, which aren't adapted to the
collaboration tech we use in our daily work - and that is leaving organizations
exposed as they look to the future.
Many organizations are up against
numerous challenges as more than half of organizations don't have an insider
risk response plan, yet six in 10 IT security leaders expect Insider Risk to
increase significantly throughout 2021. 40% of organizations don't assess how
effectively their technologies mitigate insider threats. While traditional data
loss prevention (DLP) tactics sound good in concept, most security teams
describe using these solutions as "painful" as roughly 66% of
organizations say that DLP solutions frequently block employees from accessing
data even if they are within policy, with 76% of organizations suffering a data
breach despite having a DLP solution in place. It's critical to think about
where DLP falls short in areas such as data portability, intellectual property
protection and system complexity.
VMblog: How has COVID impacted the way security teams protect data?
Wojtasiak: Prior to 2020, security teams were
already grappling with securing rapidly expanding digital workspaces brought on
by the cloud and other digital transformation initiatives. When public health
protocols and social distancing spurred a rapid shift to remote work, security
teams went from protecting dozens of endpoints in a controlled environment to
thousands across a rapidly dispersed, remote workforce. The need for employees
to remain productive during this time meant many turned to alternative
collaboration tools outside of corporate-approved applications, which only
increases the risk of data exposure or file exfiltration. In fact, according to
the Data Exposure Report volume I, 76% of IT security leaders said their
organization had experienced one or more data breaches involving the loss or
theft of sensitive information contained in documents or files in the last
year.
VMblog: Where are organizations seeing the biggest challenges when dealing
with Insider Risk?
Wojtasiak: Two words - all fronts. According to IT security leaders, it takes roughly 118
days to identify a data breach and 55 days to contain one. One reason as to why
this process takes so long is because there is a disconnect between who owns
security management and has the ultimate authority. IT Security leaders put
line of business leaders (44%), General Counsel (33%) and end users (30%) ahead
of CISOs (28%) according to the 2020 DER. Bottom line, there needs to be better
collaboration among IT security lines of business.
Security teams using traditional
security solutions do not have visibility into the events that lead to data
exfiltration - preventing them from understanding the damage already done and
from stopping future threats. One example of this is when an employee leaves
for another company and tries to take data with them. Security teams have no
way of knowing the extent to which sensitive information has been compromised.
According to the DER volume II, 72% of the time, security professionals do not
have the necessary context to know if they should close or pursue an
investigation.
Another area of contention is IT
budgets, as two-thirds (66%) of IT security leaders believe their budget for
Insider Risk is insufficient, yet 54% of IT security leaders spend less than
20% of their budgets on Insider Risk. Companies must empower employees to take
responsibility and follow best security practices to help mitigate possible
Insider Risk.
VMblog: How can organizations best protect against Insider
Risk?
Wojtasiak: 56% of security teams lack historical
context into user behavior, meaning that security teams have no idea when an
employee may become a risk. The first step is to recognize potential Insider
Risk indicators and then take the proper actions to build a well laid out risk
program. Such steps include putting technologies and processes in place that
can identify risky behaviors, such as working off-hours, changing file
extensions, and having access to the files of a highly confidential project,
without inhibiting the organization's collaborative culture and employee
productivity. It's critical to find technologies that flag insider risk
indicators. Once these risk indicators are identified, it's critical they're
put in context with other events in the business and, if necessary, acted on to
prevent further damage.
VMblog: What does the future hold for Insider Risk?
Wojtasiak: 59% of IT security leaders say insider
threats will increase or significantly increase in the next two years. The
pandemic proved that employees today are more likely to leak data than they
were before. However, it proved that collaboration culture - with widely
distributed workforces that use collaboration technologies - is highly
productive and is not leaving anytime soon. Security teams must embrace shifts
in workplace culture and adapt their Insider Risk strategies accordingly.
Organizations are realizing that relying on prevention and dated tactics like
DLP will not work. There are simply too many vectors to cover that traditional
data loss protection solutions aren't designed to handle. A faster, simpler,
more comprehensive path to data loss detection and response is the answer.