Businesses Struggle to Secure DataBy Brian Prince | Posted 06-04-2007
Customer data ranks third on the list of items business leaders worry about protecting from data breaches, according to a poll of 649 IT executives for a study by the Ponemon Institute. Intellectual property and confidential business information took top billing.
The report, a survey of IT executives from businesses and governmental organizations in the United States, Europe, the Middle East and Africa, included further unsettling results. Only 45 percent of IT staffers surveyed felt they were adequately protected against data loss; 40 percent of the respondents said their organizations don't monitor suspicious database activity or are they didn't know whether such monitoring occurs; and 68 percent said they felt their databases were well protected against hackers, but only 43 percent expressed confidence that they were safe from malicious insiders.
"Data can be monetized quickly and the bad guys know it," Larry Ponemon, chairman of the Ponemon Institute, based in Traverse City, Mich., said in a statement. "Organizations that fail to protect their data effectively are proving easy targets [and are] often left to contend with considerable damage to their reputations and financial results."
A similar survey of 1,400 IT executives earlier in 2007 by Datamonitor put the price tag for the average data leak incident at $1.82 million, according to the 23 percent of respondents who were able to track and audit losses after a breach.
Some of the key problems facing respondents are the sheer number of databases being used and the difficulty of knowing where those databases are and what is in them. Thirty percent of respondents said their organizations had between 101 and 500 databases, while 23 percent reported having in excess of 1,000. Another 16 percent could not determine how many databases they had.
"You can't protect what you don't know [you have]," said Toby Weiss, president and CEO of New York-based Application Security, which sponsored the study.
According to Weiss, locating all an organization's databases is just one-fourth of the battle. Corporations need to also need to prioritize which databases need to be addressed first, remediate any vulnerabilities or security issues and monitor databases for suspicious activity, he said.
The good news one can take from such studies, Weiss said, is that organizations both large and small are increasing the security portion of the IT budget.
"I think people are starting to wake up to the cost of an incident and the value of the information they have," Weiss said.