Employee behavior is a greater threat to sensitive data, reveals WD

News Desk -

Share

Western Digital has released data on the attitudes and behaviors of over 634 Middle Eastern employees (data users) and employers (data managers) in relation to highly sensitive data. According to research, 77% of data managers believe that employee behavior is a greater threat to their highly sensitive data than external hackers, and that employees are responsible for nearly one-third (32% of) data security incidents.

In the summer of 2021, Western Digital spoke with 210 managers and 424 data users in Saudi Arabia and the United Arab Emirates. Respondents work in media and entertainment, government, legal professional services, healthcare, and financial services, as well as businesses ranging in size from small (10-99 employees) to enterprise (5000+ employees).

Data users are aware of the risks. In fact, 32% of data users surveyed believe they have put highly sensitive data at risk in the last 12 months. This is backed up by just under two-thirds (60%) of data managers reporting an increase in security threats and incidents over the same time period.

However, data users continue to fall into the trap of using poor security practices, especially when it comes to data sharing and storage. Almost three quarters (73 per cent) of data users have access to data they shouldn’t, this is worrying as 82 per cent of data managers think data security could be improved in how they store and transmit highly sensitive data.

Risky security practices 

Remote and hybrid working styles have become the new norm with 89% of data users claiming that they work on collaborative projects that require data sharing. But, these collaborative and remote ways of working have widened the evolving threat landscape and exposed some major risks. The top five risks cited by data managers are just the tip of the iceberg. Almost two in five (39%) of data users said that they share physical hard disks (HDDs) and solid-state drives (SSDs) with colleagues at work in order to share data. While, 36% of data users admitted to sharing their work devices with family and friends, and 32% admitted to taking sensitive data with them when they left an organisation.

Sharing data 

There remains a clear gap in employee behaviour between the data sharing method used and their assumption of what the most secure way to share sensitive data is. The most common methods for sharing or transmitting highly sensitive data by employees were email (49%) and cloud or online file sharing (40%), ahead of HDD / SSD (39%) and USB drives (28%). These figures suggest ease of use and familiarity are key factors in the decision-making process for data users when it comes to how to share sensitive data. 

However, 93% of data managers want more control over how their data is stored and shared. Coupled with the belief that data security needs immediate improvement, almost two thirds (63%) of data mangers expect to see their use of physical drives (HDDs and SSDs) increasing in the next two years, due to the encryption and security features these technologies can offer. Some features that organisations believe are very important when it comes to using physical drives for highly sensitive data include: 

  • Consistent performance and reliability (78%)
  • Encryption (70%)
  • Enhanced control / being able to protect data remotely if the drive is lost or stolen (66%)
  • Large capacity (64%)
  • Improved authentication (61%)

Ultimately, 84% of data managers say HDDs or SSDs with encryption or security features address many of the concerns companies may have had about this technology.  

Khwaja Saifuddin, Senior Sales Director for Middle East, Africa & South Asia at Western Digital concluded: “In today’s business environment, increased security risks, employee behaviour and the sheer volume of data produced, can make it difficult for organisations to stay on top of security and storage challenges. As technology advances, employees and employers are looking for ways to store and share sensitive data more securely. The combination of the right infrastructure, integrated with encryption platforms, to store and share sensitive data, and the education of employees of the threats they may be exposing their organisation to will go a long way to improving the threat landscape and reducing risk.”