A recent study has highlighted a pressing issue for organizations in the UAE: a staggering 94% of them experienced data loss in the past year, with careless employees being the primary cause. The inaugural Data Loss Landscape report, released by cybersecurity and compliance company Proofpoint, Inc., reveals the extensive impact of data loss incidents on businesses, including significant disruptions and revenue losses.
The report delves into the current state of data loss prevention (DLP) and insider threats, particularly against the backdrop of challenges such as data proliferation, sophisticated threat actors, and the emergence of generative artificial intelligence (GenAI). It underscores that the root of data loss lies in the interaction between humans and technology, with careless users being more likely to trigger incidents than compromised or misconfigured systems.
Proofpoint’s findings show that while organizations are investing in DLP solutions, these efforts are often not sufficient to address the scale of the problem. Emile Abou Saleh, Senior Regional Director at Proofpoint Middle East, Turkey & Africa, emphasizes the critical role of employees in data protection and the need for organizational strategies that evolve with changing work models. He advocates for enhanced DLP policies and insider risk strategies across various platforms to safeguard against emerging security threats.
Ryan Kalember, Chief Strategy Officer of Proofpoint, points out the human causes behind the majority of data loss incidents. He stresses the importance of rethinking DLP strategies to address people’s actions across all employee-used channels, including cloud, endpoint, email, and web.
The report, which surveyed 600 security professionals across 12 countries, supplemented with data from Proofpoint’s Information Protection platform and Tessian, sheds light on the scale of data loss and insider threats organizations face. Key findings include:
1. Carelessness is the primary cause of data loss: 75% of respondents identified careless users, including behaviors like misdirecting emails and visiting phishing sites, as the main cause.
2. Misdirected email is a significant source of data loss: Tessian data from 2023 indicates that a third of employees sent emails to the wrong recipient, potentially triggering substantial fines under GDPR and other legal frameworks.
3. Generative AI poses a growing concern: Tools like ChatGPT and Grammarly are seeing increased usage, with sensitive data being input into these applications.
4. Malicious insiders and departing employees present substantial risks: Proofpoint’s data shows that 87% of anomalous file exfiltration is caused by departing employees, highlighting the need for specific preventative strategies.
5. Privileged users are the riskiest: UAE respondents identified employees with access to sensitive data as the greatest risk of data loss, with 1% of users responsible for 88% of data loss events.
6. DLP programs are maturing: UAE organizations are increasingly implementing DLP programs in response to legal regulations and the need to protect privacy and minimize costs associated with data loss.
The report underscores the need for regular reviews of DLP programs and the implementation of purpose-built DLP platforms to address human-centric data loss scenarios effectively. As organizations navigate the complex digital landscape, recognizing the human factor in data security is becoming increasingly vital.
