Information security services and solutions company Orthus has released the results from monitoring over 100,000 hours of user activity captured over the last year through the delivery of their unique Data Leakage Audit Service.
The research analysed the ways in which users accessed, processed, stored and transmitted corporate sensitive information including personal information, financial information, and intellectual property. It identified which users were removing sensitive data, where they worked and exactly how and when it was removed. The results were surprising.
The findings showed that information technology (IT) personnel were responsible for an overwhelming 30% of all incidents of data leakage identified during the course of the year’s research. The finding strongly supported the premise that trusted users are the most likely to be the source of information leaks.
The analysis identified exactly who and how sensitive information assets are removed from the corporate infrastructure providing time and date stamped visual evidence of these “data leaks”.
The analysis identified that the following departments were responsible for the amount of data leakage identified:
– Information Technology Department – responsible for 30% of the incidents identified
– Customer Service Department – responsible for 22% of the incidents identified
– Other – (Non-Traditional Departments, third party and contractors) – responsible for 16% of the incidents identified
– Sales Department – responsible for 12% of the incidents identified
– Operations Department – responsible for 10% of the incidents identified
– Marketing Department – responsible for 6% of the incidents identified
– Human Resources Department – responsible for 2% of the incidents identified
– Legal Department – responsible for 2% of the incidents identified
Richard Hollis, Managing Director of Orthus said “The research proves the
rule: that the higher level of access privileges – the greater the propensity for abuse. Companies need to address the insider as the primary threat to their business. Until this is done no real security can be achieved”.
The research was accomplished through the deployment of software agents on endpoints, servers and terminal servers. The software visually recorded evidence of data being removed through unauthorised actions. The research for instance identified if and when sensitive information was sent or copied to an unauthorised device (such as a PDA, MP3 player, USB flash drive or mobile phone) or if it was uploaded or transferred through an unauthorised application (IM or social networking sites).