Threats to business-critical data seemingly come from all angles, whether they stem from cyber attacks orchestrated by hacking groups or natural disasters that can wipe out a data center in a flash. However, according to a new report, companies must also take insider breaches and causes for data loss into account.
"In many of the security breaches over these recent weeks, employees or contractors were able to delete or download thousands of files without raising concerns, because often no one was able to determine what sensitive data they had access to and secure it before any information could be stolen, or audit data use and alert on anomalous behavior," the report stated.
Often, data involved in such incidents will be unstructured, according to the report. This includes documents, spreadsheets, images, presentations and video, among others. While such information may seem insignificant, there's no telling what trade secrets or operational data may be contained within them.
"It is a profound operational failure of many organizations that they are unable to perform the most basic management and protection tasks to secure their critical business assets," David Gibson, director of strategic accounts and technical marketing at Varonis, said.
Citigroup, which earlier this year was hit by a cyber attack launched by the Lulz Security hacking group, recently suffered a second incident that experts said appears to be caused by an insider.
The Japan Times recently reported that personal information on about 92,400 Citi Card Japan customers was exposed. The newspaper said an employee of a company Citigroup has an outsourcing contract with stole the information and sold it.