SUNNYVALE, Calif., March 19, 2024 (Globe Newswire) — Proof Point Co., Ltd.a leading cybersecurity and compliance company, today released its first release. Data loss situation reportSo, how do current approaches to data loss prevention (DLP) and insider threats address today’s macro challenges such as data proliferation, advanced attackers, and generative artificial intelligence (GenAI)? We will investigate whether there are any. The findings reveal that data loss is a problem caused by human-machine interaction. A “careless user” is far more likely to cause such an incident than a compromised or misconfigured system.
Although organizations are investing in DLP solutions, a Proofpoint report shows that their investments are often inadequate, with 85% of organizations surveyed experiencing data loss in the past year. I am. More than 9 in 10 affected businesses faced negative consequences, such as business interruption and loss of revenue (reported by more than 50% of affected organizations) or reputational damage (40%) . But surprisingly, Proofpoint’s data Information protection platform We found that just 1% of users are responsible for 88% of alerts.
“This study highlights the most important aspect of the data loss problem: the human cause,” said Ryan Kalember, Chief Strategy Officer at Proofpoint. “While inadvertently compromised malicious users are and will continue to be responsible for the majority of incidents, GenAI tools are absorbing common tasks and gaining access to sensitive data in the process. Organizations rely on their employees to connect to the cloud, endpoints, email, and the web.”
The 2024 State of Data Loss Report examines third-party survey responses from 600 security professionals in 12 countries, 17 industries, and organizations with 1,000 or more employees. These insights were supplemented with data from Proofpoint’s information protection platform and Tessian. I got it last fallto convey the scale of data loss and insider threats facing organizations.
Key global findings include:
- Data loss is a widespread but avoidable problem. Organizations experience at least one incident per month (an average of 15 data loss incidents per organization in the past year), and 71% of respondents said inattentive users were the main culprit . Negligence includes sending emails incorrectly, visiting phishing sites, installing malicious software, and emailing sensitive data to personal accounts. These are all preventable behaviors that can be mitigated through practices such as implementing DLP policy rules for email, web uploads, cloud file synchronization, and other common data extraction methods.
- Misdirected emails are one of the simplest and most serious causes of data loss. According to 2023 data from Tessian, approximately one-third of employees sent one or two emails to the wrong recipient. That means a company with 5,000 employees can expect to deal with approximately 3,400 misdirected emails per year. Accidentally sending emails containing employee, customer or patient data can result in hefty fines under the GDPR and other legal frameworks.
- The generation AI Fastest growing areas of concern: Tools like ChatGPT, Grammarly, Bing Chat, and Google Gemini are becoming more functional and useful, and more users are entering sensitive data into these applications. “Gen AI Site Viewing” is now one of the top five DLP and Insider Threat Alert rules set by organizations using Proofpoint’s Information Protection Platform.
- The consequences of malicious actions can be costly, including: 20% of respondents said malicious insiders, such as employees or contractors, are behind data loss incidents. Malicious acts or departing employees seeking to harm the organization can have an even greater impact than careless insiders because they are motivated by personal gain.
- Employees leaving the company were identified as the third highest-risk user category. Employees who leave don’t always think they’re acting in bad faith. Some people simply feel entitled to leave with the information they created. According to Proofpoint data, 87% of anomalous file exfiltration across cloud tenants over a nine-month period was caused by departed employees, and this user reviews his process implementation, etc. for his category. The need for preventive strategies is emphasized.
- Privileged users are most at risk. 63% of respondents identified employees with access to sensitive data, such as human resources and financial professionals, as being at the greatest risk of data loss. Additionally, Proofpoint data shows that his 1% of users are responsible for his 88% of data loss events. These findings support best practices, such as the use of data classification to help organizations identify and protect their business’s critical data or “crown jewels” and monitoring users with access to sensitive data and administrative privileges. This indicates that priority should be given to
- Organizations’ data loss prevention programs are maturing. While many programs were initially implemented in response to legal regulations, more than 50% of survey participants cited protecting customer and employee privacy as a key driver. The financial industry is an exception. The most common response for these organizations was regulation, followed by the health sector and the government sector.
“Emerging channels highlight the importance of regularly reviewing DLP programs as these types of rapid developments change user behavior,” said Kalember. ” Strategies such as implementing a purpose-built DLP platform improve security by enabling security teams to gain complete user and data visibility into all incidents and address the full range of human-centric data loss scenarios. It helps the program advance. This is an important data security variable and data loss prevention programs need to be aware of this.”
To download the 2024 Data Loss Situation Report, please visit: https://www.proofpoint.com/us/resources/threat-reports/data-loss-landscape
About Proofpoint Co., Ltd.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and greatest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps businesses around the world thwart targeted threats, protect data, and make users more resilient to cyberattacks. Leading organizations of all sizes, including 85% of Fortune 100 companies, rely on Proofpoint for human-centric security and compliance solutions that reduce their most critical risks across email, cloud, social media, and the web. For more information, please visit www.proofpoint.com.
Connect to Proofpoint: X | LinkedIn | Facebook | YouTube
Proofpoint is a registered trademark or trade name of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.
ProofPoint Media Contact:
Estelle Delue
Proof Point Co., Ltd.
pr@proofpoint.com
