Why DLP has failed and what the future looks like
If you haven’t yet read Tessian’s report on the State of DLP in 2020 it’s worth a read. Avoiding many of the oft churned out stats regarding the number of and increase in data loss incidents, Tessian says that its research shows that while IT leaders count security awareness training as the most effective way to prevent data loss, organisations that provide the most training experience the most misdirected emails.
63% of employees who receive training every 1-3 months say they remember sending emails to the wrong person. This number drops to 43% in organizations that conduct training once a year or less often.
One of the reasons IT leaders don’t have true visibility over the flow of data within their organizations is because employees don’t always report their mistakes internally, the report says.
Whether it’s because they’re afraid to admit wrongdoing or simply because they don’t know the implications or their internal reporting processes, this means many security leaders underestimate how many misdirected emails are sent within their organization every year.
IT leaders working at organizations with 1,000+ people in the US estimate 480 emails are sent to the wrong person every year. On the other hand, according to Tessian data, an average of 800 emails are misdirected in organizations with 1,000 employees during a single year.
People break the rules more often than IT leaders think. While sending company data to personal email accounts isn’t always malicious, it is often against security policies.
Of course, sending company data to a personal email account can also be a sign of intentional data exfiltration by, for example, a disgruntled employee on their way out or an insider threat.
This happens much more often than IT leaders think. While they estimate just 720 unauthorized emails are sent each year in organizations with 1,000+ employees, according to Tessian data, an average of 27,500 unauthorized emails are sent a year in an organization with 1,000 employees.
That’s 38x more than estimated.
You can read the report here.