Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementPhysicalSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingAccess ManagementIdentity ManagementPhysical SecurityCybersecurity News

Want to Stop Data Breaches? Keep an Eye Out for These Six Employee Personas

By Tony Pepper
June 18, 2020

Data breaches have risen steeply over the past decade. Between 2009 and 2019, the number of data breach incidents grew by 196 percent. More concerningly, the number of records compromised in each data breach incident reaches has risen as well. The 471 million records exposed by data breaches in 2018 more than doubled the previous record, sending shockwaves through the cybersecurity world and emphasizing the need to take action to prevent the ongoing trend of large, frequent breaches from occurring in the future.

Unfortunately, this is easier said than done. Although it is tempting to think of breaches as being exclusively caused by malicious cybercriminals hacking corporate networks, the truth is that a significant portion are caused—or, in the case of phishing attacks, at least facilitated—by insiders. In fact, the most recent Verizon Data Breach Investigations Report (DBIR) revealed that 30 percent of breaches are caused by an internal actor. This means that stopping data breaches isn’t as simple as strengthening perimeter or in-network protections from outside attacks. It requires a thorough understanding of the underlying causes of these internal breaches, and the potential warning signs that employees may be exhibiting—whether they know it or not.

 

Profiling Every Company’s Most At-Risk Employees

When we think of “insider data breaches,” it’s tempting to think about employees who are intentionally harming the organization or personally benefitting from leaking data; however, it’s important to remember that the majority of internal breach aren’t malicious. There are plenty of cyberattacks designed specifically to exploit tired, overworked, or otherwise unobservant employees, capitalizing on the sort of easy-to-make mistakes that humans are particularly susceptible to. After all, that’s why they call it “human error.”

If an employee clicks a link in a spear phishing email and tries to input their login credentials, that is technically an “internal” breach (even though the scam obviously originates externally) because it was directly facilitated by an action taken by an internal actor. Similarly, sending an email with personal data in it to the wrong Paul or Rachel because autocomplete suggested the incorrect name is still a breach, even if it was purely accidental. What’s more, given the current remote working situation for workers across the globe—one that has resulted in a 23 percent increase in email activity for businesses—these is greater potential than ever for these errors.

Is it possible to put an end to this sort of breach? It hardly seems reasonable to expect an organization to singlehandedly defeat human error, or for CISOs and their security teams to be able to predict the unpredictable. After all, even the employees themselves don’t know when they’re about to make a mistake—that’s what makes it a mistake!

Fortunately, the answer is yes: today, it is possible for organizations to recognize the types of employees who may be more susceptible to risky behavior than others, and address the matter accordingly. In addition to training and education, the solution to the problem involves looking at technical measures to help shore up defenses to mitigate data breaches in real time. There are an the increasing number of security tools capable of identifying anomalous employee behavior, and the process starts with recognizing the most likely culprits. Below, I will identify the six employee profiles that our research has shown most likely to be the cause of an internal breach.

 

1. Keen Katherine

Employers and employees alike would likely agree that ambition is a valuable thing to have in the workplace. Employees looking to get ahead are more likely to go the extra mile, do the extra work, and ensure projects succeed so that they get noticed. Employees who fall under the ‘Keen Katherine’ umbrella are likely to answer emails quickly—especially emails from company higher-ups—or they may add extra people to email chains so that their accomplishments don’t go unnoticed.

Unfortunately, this has its drawbacks. An employee who is overly eager to impress the CEO is one who is also more likely to fall for spear phishing attacks—especially if they’re new to a company or work in departments like finance or HR, both which makes them prime targets for attackers. By adding extra people to email chains, this type of employee is also more likely to open personal data up to unauthorized access. They run the risk of attaching an unauthorized party to an email containing confidential or otherwise sensitive information, leaving it exposed. Ambition is good, and employees should be encouraged to pursue professional development—but they cannot let that ambition cloud their judgement. Lending these employees a hand by flagging incorrect email recipients (often a sign of spear phishing attempts) can be a big help.

 

2. Confident Chloe

Like Keen Katherine, Confident Chloe is an employee who means well. Chances are, this employee has been at the company for a while, and has been through security training a number of times. They probably even consider themselves knowledgeable about security in general— and feel confident that they’re far less likely to fall for silly email scams than their colleagues.

Naturally, it’s good for employees to have security knowledge, and a little confidence can be a good thing in the workplace. Unfortunately, confidence can quickly become overconfidence, and employees who think they know every potential pitfall are less likely to pay attention to potentially risky behavior. Email encryption might slip this employee’s mind because they trust the intended recipient. They might also neglect to report potential incidents because they think they know best. Unfortunately, they often don’t know best, and having automated email security in place can help avoid leaving the organization vulnerable in the event that something goes wrong.

 

3. Tired Tim

Tired Tim isn’t malicious, either—just tired, with too many things on his plate. Maybe he has a new baby at home that isn’t letting him sleep. Maybe he’s a social creature who burns the candle at both ends. Or maybe his job simply requires him to travel a lot, or keep odd hours. Whatever the case, studies have shown that tired employees are considerably less effective than their well-rested counterparts, and more prone to mistakes. Unfortunately, in today’s business world, “mistakes” can carry significant consequences and lead to breaches.

An employee who is tired or disengaged probably isn’t going above and beyond. Sure, they may do the required security training, but they are unlikely to attend non-mandatory sessions or read the company handbook too closely. Not only that, but they are more likely to make simple errors like sending the wrong attachment, emailing the wrong person, or forgetting to use the BCC field. The ability to detect incorrect email recipients can go a long way toward avoiding the damage that tired employees can cause.

 

4. Reckless Raj

One step past tired employees are employees who are just plain reckless. Reckless Raj represents those employees at every organization who simply “don’t have time” for the extra steps that many security tools add. An employee meeting this profile is generally more than happy to cut corners, possibly even use software programs that he prefers rather than the ones the organization has provided him with. Reckless Raj likely doesn’t view this behavior as irresponsible, either: he sees it as enabling him to get his job done more quickly and efficiently, and shouldn’t his employer appreciate that?

The answer is no, of course. Not only does this behavior violate company policy, but by not taking the time to encrypt emails or double-check their content or recipients, employees like Reckless Raj run the risk of exposing valuable information. It’s best to try to correct this behavior through training and, if necessary, formal performance review measures, but having tools in place to automate security for potentially sensitive data can provide a valuable backstop against future reckless behavior, and is far better than having to deal with a breach that has already happened.

 

5. Sneaky Sara

This is where things start to get a bit gray. Employees who fit the “Sneaky Sara” profile aren’t exactly malicious, but they certainly aren’t conscientious, either. Sneaky Sara is the type of employee eager to advance her career, whether at her current firm or a competitor. When changing jobs, she will likely send a list of her clients or other valuable information to her personal email address to give herself a head start at her new job and avoid losing years of valuable contacts and relationships. She probably knows this behavior isn’t okay, but she doesn’t view it as wrong. After all, it’s the product of her own hard work.

Exfiltrating privileged data is itself a data breach, regardless of whether a person feels that they have ownership of data. What’s more, removing it from the corporate network, where it is protected, to a personal email address with unknown security carries obvious risks. Once outside the network, the company has no way of protecting this data or controlling how it is disseminated, and hackers deflected by the company’s security tools might find that they have a much easier time infiltrating a lone employee’s email account. Today, there are tools capable of detecting anomalous email behavior and even blocking certain data from being shared inappropriately, making it harder for the Sneaky Saras of the working world to expose their employers to this sort of risk.

 

6. Agitated Alan

Like Sneaky Sara, Agitated Alan works hard to get ahead. But unlike Sneaky Sara, it hasn’t exactly worked out for him. Maybe he was passed over for a promotion at work, or disciplined for something that he doesn’t believe was his fault. Maybe he’s mad at his boss for perceived mistreatment, or has a personal gripe with a political stance the company has taken. Whatever the case, Agitated Alan has strong feelings of resentment against his employer and is likely to attempt to exfiltrate valuable data in much the same way as Sneaky Sara. Unfortunately, he is less likely to restrict that information to his personal use.

Although the warning signs are different, the solution for Agitated Alan is much the same as it was for Sneaky Sara. Having tools in place that understand what constitutes normal and abnormal behavior and compliance reporting as appropriate can help put a stop to this behavior—or at least make administrators aware of it before it does any serious harm. Agitated Alan is the most malicious of these profiles, but even he may believe he has a good reason for doing what he’s doing, and knowing the circumstances and mindset likely to precipitate this type of risky action can help nip it in the bud.


Preventing Human Error is a Difficult Task—But We are Getting There

Human error can’t be avoided. People have always made mistakes, and they will almost certainly continue to do so until the end of time. Added to this, too many people are afraid to admit when they have made such an error, and too many organizations reinforce this behavior by issuing harsh punishments for honest mistakes.

With today’s technology, organizations have the ability to forge a new path forward. By understanding employees’ behaviors and the specific mistakes they’re likely to make—as well as the underlying causes—they can put appropriate protections in place to not only prevent breaches from happening, but allow employees to correct their own errors before they are made. Prevention, rather than punishment, is the future. As security tools grow smarter and increasingly capable of detecting abnormal or mistaken behavior, email driven breaches will only become easier to prevent. 

KEYWORDS: cyber security data breach insider threats risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Tony pepper
Tony Pepper is Chief Executive Officer at Egress.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • employee-training-freepik58365.jpg

    Try creating employee personas to customize your security communications efforts

    See More
  • cyber threat

    Addressing Data Breaches: How to Stop Them

    See More
  • Doorway to Cybersecurity

    Compromised employee accounts led to most expensive data breaches over past year

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing