Employee turnover is exacerbating loss of sensitive data, according to report
More chief information security officers (CISO) are reverting to the belief that people are the biggest cybersecurity risks to an organisation, as the world is rocked by layoffs that they said are fuelling sensitive data loss.
More than half (59%) of 100 CISOs surveyed by Proofpoint in the United Arab Emirates (UAE) view human error as their organisation's biggest cyber vulnerability. This is much higher than the 50% who said so in 2022, but lower than the 70% in 2021.
This view among CISOs echo the belief of many executives in another survey by EisnerAmper's Outsourced IT Services this year, where 71% think that their company's next cybersecurity breach will likely be due to an internal staff error.
In the UAE, 47% of CISOs have reported material loss of sensitive data in the past 12 months, where 75% agreed that employees leaving their organisation played a role in this.
"Insider threats are a growing problem. And as staff turnover shows no signs of slowing across many industries, it is likely to be an issue for some time," the report said.
These findings come as the world is hit by a wave of mass layoffs. A tally from layoffs.fyi put the number of employers retrenching staff to 669, with more than 193,000 employees laid off just this year.
"Years of sustained remote and hybrid working has resulted in an increased risk around insider threat incidents, with our research revealing that three-quarters of CISOs in the UAE agree that people leaving the organisation contribute to data loss," said Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, in a media release published by Zawya.
Addressing the problem
Despite citing people as reason for data losses, 56% of security leaders said employees understand their role in protecting the organisation. In fact, 61% of CISOs are confident that their organisations have the enough controls to protect their data, according to the report.
"The rising challenges of protecting people and data, high expectations, burnout, and uncertainty about personal liability are testing CISOs in the UAE," Saleh said. "The way forward is to implement layered defences, including a dedicated insider threat management solution and strong security awareness training, so organizations are well protected against threats that focus on people as the main perimeter."
Rahul Mahna, partner and head of Outsourced IT Services at EisnerAmper, also previously advised employers to regularly train staff in terms of cybersecurity.
"Most companies should be conducting cybersecurity training at least quarterly," Mahna said in a statement.
