When it comes to reducing overall breach risk, it is easy to assume that employees represent low-hanging fruit – based on the premise that it is easier to control the actions of a company’s own employees than it is to defend against external attackers. However, HelpSystems recently announced research, interviewing 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face. And the reality is that insider threat - whether intentional or accidental - was cited by more than a third (35%) of survey respondents as one of the threats with the potential to cause the most damage in the next 12 months.

Likewise, phishing emails were cited by 20% of survey respondents. When it comes to insider threat, motivations are a grey area where the reasons behind breaches, whether through simple human error or deliberate actions, are harder to determine. This makes understanding, and mitigating, insider risk a far more problematic exercise. 

Misdirected emails are also a big risk

In the UK, the latest Information Commissioner Office (ICO) report confirms that misdirected email remains one of the country’s most prominent causes of security incidents. According to the report,  misdirected email is, alarmingly, a 44% bigger risk to organizations than phishing attacks.

This is yet another area where organizations must ensure their data protection policies are robust enough to not only protect themselves but also their employees from the seemingly simplest of mistakes. HelpSystems’ research showed that increased remote working practices was a cause for concern, with 36% stating that they saw it as a cybersecurity threat with the potential to cause significant damage.

Understanding what protection your data requires

Data visibility is another problematic area and subsequent threat emphasized in the HelpSystems’ research. Data visibility and knowing what data is where and who has access to it was highlighted as having the potential to cause the most damage by 14% of our survey respondents. Combine this with internal cybersecurity fatigue, which more than a quarter (28%) cited as potentially damaging, and you can start to appreciate the importance of providing tools and awareness training to help prevent those easily avoided mistakes from happening in the first place.