“I don’t think I expected two-thirds to say they can’t prevent a breach,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “If your first line of defense says you can’t win the war, it indicates a big problem.”
According to the Ponemon Institute’s final report on the survey:
– High false positive rates of up to 35% affect the ability of many organizations to detect a breach.
– 41% of respondents don’t believe they are effectively enforcing data security policies. The top reason given for failed enforcement is lack of resources.
– Respondents said there’s a 68% probability they can detect a large data breach involving more than 10,000 data files.
– But they said small data breaches involving fewer than 100 files are only likely to be detected 51% of the time.
– Only 16% of respondents believe they are invulnerable to a data breach.
– Excessive cost was the main reason 35% of respondents said they’re not using leak-prevention technologies.
“There’s a lot of frustration at the CIO level, because there’s a feeling that the responsibilities should be shared across the management structure more than they are,” he said. “They’re also concerned about their ability to enforce security policies. Even when someone finds the culprit behind a breach, policies aren’t enforced and mistakes are repeated in terms of what users do in their computing habits.”
Raj Dhingra, PortAuthority Technologies’ vice president of products and marketing, said his company sponsored the study because it wanted to pinpoint the root causes of corporate data breaches. “We feel this study helps bring greater understanding of these issues, while validating that the industry requires much more than just monitoring of information leaks, but automated enforcement to best prevent information leaks,” he said.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1213621,00.html