Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, October 22, 2009

User errors will lead to data leakage – worldwide survey on IT security

A worldwide survey of over 400 organisations with over 500 employees shows that, although organisations believe that they will suffer data leakage in some form at some stage, it will be accidental rather than malicious.  The survey which was commissioned by Dimension Data and carried out by research house IDC during 2009 focused on IT security and interviewed IT security decision makers and influencers in 18 countries in Western Europe, the Americas, the Middle East and Africa, and Asia and Pacific.  “The fact that 57% of the organisations that IDC polled are planning investment in data loss (or leakage) prevention (DLP) indicates broad acceptance of the need to complement the traditional network-centric security approach with data-centric security,” says Neil Campbell, Dimension Data’s global general manager security solutions.  “Organisations (45%) also believe that data leakage is more likely to occur through human error on the part of their own employees, rather than through intentional theft from outside (15%).

According to Eric Domage, IDC EMEA program manager, European security products and strategies, the survey reveals that organisations believe the most significant impact of a security breach would come from the lack of control of its intellectual property (IP).

Campbell adds, “The challenge when protecting an organisation from internal attack is that traditional defences are designed to face outward, at the perimeter of a network, whereas the inside of the network remains relatively free of security controls.

“Besides, at the employee level, protection of data goes beyond technology in that it involves the human resources department and in turn, raises a range of new legal issues around areas such as monitoring and fair use”, explains Campbell, and points out that organisations tend to believe that it will add a layer of managerial and process complexity that they don’t want to confront.

It’s a technology-centric approach to managing the issue of protecting sensitive data, it’s an important strategic step forward.

Posted on 10/22