Data leak figures !
According to a survey on insider threats published by security firm Orthus this week, data leak is primarly Internal Data Leak, wich we already knew but more surprisingly, IT staff are the most likely to leak the sensitive data about their own company.
“The insider is most likely to be from the IT or customer services department, uses a mobile PC rather than a desktop computer and more often than not will copy the sensitive data to the local hard drive and walk straight out of the door with it – or webmail a copy to themselves,” wrote the authors.
Orthus based its findings on information extracted from data leakage audits conducted since 2006 on its own customer sites using remote agents: an estimated 500,000 hours of user activity within an unspecified number of mainly UK organisations employing 1,000 or more people.
Key results from this survey:
- Corporate data leakage was most likely to occur through mobile devices with 68% of all events identified linked to mobile rather than fixed desktop systems.
- Information Technology and Customer Services Departments had the highest incidence of data leakage.
- Most incidents of data leakage occur during the extended working day (7-7 Monday to Friday).
- The applications most favoured by users to remove sensitive data were identified as web mail, instant messaging (IM) and social networking web sites
- The top 4 data leakage vectors were identified as mobile devices, web mail, removable media and corporate email.
- All data leakage incidents identified could have been prevented. Existing corporate security policies were not implemented,monitored or enforced.
And some more information available here: