Tuesday, 5 July 2011

Survey Shows 3 of 4 Companies Suffer Data Loss

Research released this week by the Ponemon Institute reveals that more than three out of four organizations surveyed have experienced some kind of data loss within the last year. Some of the data loss occurred because of negligence on the part of an employee or a technical glitch, but an increasing percentage of the data breaches were the result of malicious criminal activity, underscoring the need for increased attention to data loss prevention (DLP) security.

The survey conducted by the Ponemon Institute queried 2,400 IT security professionals, 77% of whom report some kind of data loss incident. Check Point Software Technologies released the survey along with information on DLP best practices. The survey showed that the leading causes of data loss were, in order, lost or stolen equipment, such as a laptop or a USB drive; network attacks; insecure mobile devices; activity on Web 2.0 sites; file sharing applications; and accidentally sending emails to an unintended recipient.

“Criminal data breaches or thefts are a greater percentage of breaches than was the case in the past,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “It could be a hacker or a malicious insider, someone for whom their mission in life is to steal data or damage it.”

Data losses related to negligence by employees is preventable, says Ponemon. Yet the survey shows that 49% of respondents believe their employees have little or no awareness about data security, governance requirements or corporate security policies.

“Despite all the hoopla about security vulnerabilities and [reports] about cyberattacks on the rise ... it just seems like companies in general are complacent about their security posture until they have a big problem,” he says.

To increase security, Check Point suggested several best practices. For example, companies and their employees should understand their organization’s security needs; classify sensitive data; align security policies with business needs; secure data throughout its life cycle; and emphasize user awareness of security risks. Check Point also advises companies to think beyond security compliance regulations such as Payment Card Industry Data Security Standards (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes Oxley, and develop DLP practices that are “protecting data beyond what’s required.”

The survey also tracked what kind of data has been lost in breaches: customer data such as credit card or Social Security numbers, 52%; intellectual property, 33%; employee personal information, 31%; and corporate plans, 16%.

“The moral of the story is that organizations can do a better job of ensuring that they have a strong security posture,” says Ponemon. “You get a new-found religion when you’re on the front page of the New York Times or the Wall Street Journal because of a data breach or a cyber attack that you failed to detect quickly.”

Read more: http://www.networkcomputing.com/data-protection/230500223