'Privileged users' present major risk to data loss across Singapore: report
HR professionals have emerged on the list of employees that pose a major risk for data loss for organisations in Singapore, according to a new survey.
Nearly three in four (74%) security professionals in Singapore said "privileged users" with access to sensitive data represent the greatest risk of data loss.
These users include HR and finance professionals, according to the survey, as released by Proofpoint in a new report.
"These employees often have access to valuable data such as PII (personal identifiable information), financial data, or in the case of HR employees, payroll, performance and medical leave records," the report read.
Departing employees also emerged as a risky user category for security professionals.
"Departing employees do not always think they are acting maliciously — some simply feel entitled to leave with information they have produced," Proofpoint said in a media release.
Human error blamed for data loss
These findings come as the blame for data loss across organisations shift to human error, instead of compromised or misconfigured systems.
In Singapore, 80% of the respondents said they experienced data loss in the past year, and 68% said the main cause was careless users.
"Data loss primarily stems from human error," said Jennifer Cheng, director, cybersecurity strategy, Asia Pacific and Japan, Proofpoint, in a statement. "As such, it's no surprise that a significant portion of alerts are triggered by careless users."
Carelessness includes misdirecting emails, visiting phishing sites, installing unauthorised software, and emailing sensitive data to a personal account, according to Proofpoint.
As a result of these incidents, 97% of the respondents said they suffered bad outcomes from data loss incidents, such as business disruption and revenue loss and reputational damage.
Efforts to prevent data loss
Cheng acknowledged that organisations in Singapore have been making "considerable efforts" to prevent data loss incidents, but they often fail to address the issue in its entirety.
Ryan Kalember, chief strategy officer, Proofpoint, underscored that careless, compromised, and malicious users will continue to be responsible for most data loss incidents.
"Organisations need to rethink their DLP (data loss prevention) strategies to address the underlying cause of data loss — people's actions — so they can detect, investigate, and respond to threats across all channels their employees are using including cloud, endpoint, email, and web," Kalember said.
