TRENDING practices such as implementing data loss prevention policy rules for email , web uploads , cloud file synching and other common data exfiltration methods .
Misdirected email is one of the simplest and most significant sources of data loss
According to 2023 data from Tessian , about one- third of employees sent one or two emails to the wrong recipient . That means a business of 5,000 employees can expect to deal with around 3,400 misdirected emails per year . A misdirected email containing employee , customer or patient data can potentially trigger a significant fine under GDPR and other legal frameworks .
Generative AI is the fastest growing area of concern : tools such as ChatGPT , Grammarly , Bing Chat and Google Gemini are increasing in power and utility , and more users are inputting sensitive data into these
Organisations experienced the equivalent of more than one incident per month ( a mean of 16 data loss incidents per UK organisation in the past year ).
applications . ‘ Browsing GenAI sites ’ has become one of the top five DLP and insider threat alert rules configured by organisations using Proofpoint ’ s Information Protection platform .
Consequences of malicious actions can be costly
Just over one-fifth ( 21 %) of UK respondents said malicious insiders such as employees or contractors were behind data loss incidents . Malicious actions and departing employees who seek to harm the organisation can have even greater implications than careless insiders because these individuals are motivated by personal gains .
Departing employees were identified as the third riskiest user category ( 34 %)
Departing employees do not always think they are acting maliciously – some simply feel entitled to leave with information they have produced . Proofpoint data shows that 87 % of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees , underscoring the need for preventative strategies such as implementing a security review process for this user category .
Privileged users are the riskiest
Two-thirds ( 66 %) of UK respondents identified employees with access to sensitive data , such as HR and finance professionals , as representing the greatest risk of data loss . Additionally , Proofpoint data shows that 1 % of users are responsible for 88 % of data loss events . These findings indicate that organisations must prioritise best practices such as using data classification to identify and protect business-critical data and the ‘ crown jewels ’, as well as monitoring people with access to sensitive data or admin privileges .
Organisations ’ data loss prevention programs are maturing
Many DLP programs in the UK are initially implemented in response to legal regulations , with more than half ( 56 %) of survey participants citing meeting regulatory compliance standards as the primary driver . Protecting the company ’ s reputation and protection of customer and employee privacy came in second ( both at 46 %).
“ Emerging channels underscore the importance of regularly reviewing DLP programs , as these types of rapid developments change user behaviours ,” said Carl Leonard , EMEA Cybersecurity Strategy , Proofpoint . “ Strategies such as implementing purpose-built DLP platforms can help advance security programs by enabling security teams to gain full user and data visibility into all incidents and address the full spectrum of human-centric data loss scenarios .
“ Additionally , while DLP programs are essential , cyber awareness training is equally crucial ,” Leonard added . “ It serves as a constant reminder to employees that their actions matter and carelessness can have severe consequences , including reputational damage and financial losses .” �
24 INTELLIGENTCIO EUROPE www . intelligentcio . com