“Careless users” are much more likely to cause data loss incidents than compromised or misconfigured systems, according to Proofpoint, Inc.’s Data Loss Landscape report.
The findings show that DLP investments are often inadequate, with 80% of surveyed organisations in Singapore experiencing data loss in 2023. Affected organisations experienced business disruption and revenue loss (63%) and reputational damage (30%).
Careless users
“Data loss primarily stems from human error. As such, it’s no surprise that a significant portion of alerts are triggered by careless users. Yet, incidents originating from malicious or compromised individuals tend to inflict more substantial damage on businesses,” said Jennifer Cheng, director of cybersecurity strategy, Asia Pacific and Japan, Proofpoint.
Organisations in Singapore experienced more than one incident per month. Around 68% of respondents attributed them to careless users. The study reveals that carelessness includes misdirecting emails, visiting phishing sites, installing unauthorised software, and emailing sensitive data to a personal account.
Widespread yet preventable
Data loss is a widespread but preventable problem. Ryan Kalember, chief strategy officer of Proofpoint, underscores the importance of regularly reviewing DLP programs.
“Strategies such as implementing purpose-built DLP platforms can help advance security programs by enabling security teams to gain full user and data visibility into all incidents and address the full spectrum of human-centric data loss scenarios. Humans are a critical data security variable—and data loss prevention programs must recognise this,” Kalember said.
