Employees taking personal data with them
Around 47 Million Americans left their jobs in 2021, and some took away personal information with them.
The conclusion comes from the latest report by Cyberhaven Inc, a data detection and response firm. It studied 3,72,000 cases of data extraction, and unauthorized transferring of critical info among systems- it involves 1.4 over a six-month period. Cyberhaven Inc found that 9.% of employees took data during that time frame.
Over 40% of the compromised data was customer or client details, 13.8% related to source code, and 8% was regulated by personally identifiable information. The top 1% of guilty actors are accountable for around 8% of cases and the top 10% of guilty parties are responsible for 35% of cases.
Reason for data extraction
As expected, the prime time for data extraction was between notice submissions by employees and their last day at work. Cyberhaven calculated around a 38% rise in cases during the post-notice period and an 83% rise in two weeks prior to an employee's resignation. The Cases bounced to 109% on the day the employees were fired from the company.
Cyberhaven Inc blog says:
"While external threats capture headlines, our report proves that internal leaks are rampant – costing millions (sometimes billions) in IP loss and reputational damage. High-profile recent examples include Twitter, TikTok, and Facebook, but for the most part, this trend has flown under the radar."
The scale of the incident
If you look at the threat on a per-person basis, the risk is not significant, however, it intensifies with scale. Companies experience a mere average of 0.045% data extraction cases/per employee every month, however, it piles up to 45 monthly events at 1,000-employee organizations.
A general way an employee usually takes out information is through cloud storage accounts, these were used in 27.5% of cases, then 19% belonging to personal webmail, with 14.4% incidents having corporate email messages sent to personal accounts. Removable storage drives amount to one in seven cases.
Most incidents caused due to accident
Howard Ting (Chief Executive) warned not to jump to any conclusions, thinking many employees are criminals. He believes that the first and foremost cause of data exfiltration is an accident, one shouldn't assume every user is guilty. He said that users are generally unaware they aren't able to upload critical info on drives.
Most organizations fail to clearly mention policies regarding data ownership. People in sales may believe they can keep account details they have, and developers may keep their code as a personal achievement. Organization mails having internal contact details are casually forwarded to personal accounts without ill intent and critical information can be stored in local hard drives, just a few clicks away. Cyberhaven inc comments:
"Our data suggests employees often sense their impending dismissal and decide to collect sensitive company data for themselves, while others quickly siphon away data before their access is turned off."
