After the recent revelation that a young airman leaked classified documents online, the US government has once again been confronted with the reality that malicious people, both inside and outside, are intent on sharing the country's secrets. That alone is enough to keep security leaders up at night. Dave Russell, Vice President of Enterprise Strategy at Veeam, and Rick Vanover, Senior Director of Product Strategy at Veeam, said

The source of the data breach is clear

Human error is by far one of the biggest causes of data breaches in the public and private sectors. In fact, the World Economic Forum's 2022 Global Risks Report reveals that 95% of cybersecurity threats are caused by some form of human error. The 2022 Data Breach Investigations Report (DBIR) reveals that 82% of breaches are caused by human error.

Major threat to countries

Accidental data leaks have been a thorn in the side of governments for years. Around the world, a British civil servant left Al-Qaeda files on a train, Australian government files were found in lockers being sold, and the UK government's counter-terrorism tools were accidentally leaked on Trello. In the US, the personal information of 191 million voters was published online in 2015 and US soldiers accidentally leaked nuclear secrets to a work app.

So how can the public and private sectors help their employees to ensure that information is not passed through leak points?

First, organizations can secure their data in cloud and container environments. As organizations invest in the cloud, many are failing to build network and security frameworks that meet the rigorous standards they expect on premises. If organizations don't build cloud security models before implementation, it's often too late to go back and make the appropriate checks, putting their IP at risk. It's like allowing a malicious actor to live inside the network.

Organizations can also improve their policies on who can access what data. Zero-trust security models force users to actively demonstrate that they can be trusted to access the information they seek. This means using tools that can identify known users based on passwords, logins or biometric data.

Organizations should address the issue of unintentional data leaks as a trigger to improve staff "digital hygiene" practices. This includes regular rounds of training on cybersecurity practices and the need for proper data handling.