A report from Check Point Software and the Ponemon Institute, a
privacy and information management research firm, revealed that 77
percent of organizations surveyed have experienced data loss in the
last year. Key findings from the report, Understanding Security
Complexity in 21st Century IT Environments, showed respondents cited
customer information (52 percent) as the most common type of
information compromised — in addition to intellectual property (33
percent), employee information (31 percent) and corporate plans (16
percent).
With the adoption of Web 2.0 applications and more mobile devices
connecting to the network, organizations are challenged with enforcing
better data security and IT Governance, Risk and Compliance (GRC)
requirements, the report noted. According to the survey of more than 2,400
IT security administrators, the primary cause for data loss resulted
from lost or stolen equipment, followed by network attacks, insecure
mobile devices, Web 2.0 and file-sharing applications and accidentally
sending emails to the wrong recipient.
"With hundreds of data loss incidents every year — both reported and
unreported — it’s no surprise the issues with governance, risk and
compliance are being magnified," said Larry Ponemon, chairman and
founder, Ponemon Institute. "Data security in a modern day world means
more than deploying a set of technologies to overcome these challenges.
In fact, the lack of employee awareness is a primary cause in data loss
incidents and is encouraging more businesses to educate their users
about corporate policies in place."
In addition, approximately 49 percent of all respondents believe their
employees have little or no awareness about data security, compliance
and policies — encouraging businesses to integrate more user awareness
into their data protection strategies, as people are often the first
line of defense. The Ponemon Institute independently conducted the
survey in February, surveying IT security administrators located
in the United States, U.K. France, Germany and Japan. The survey sample
represents organizations of all sizes and across 14 different
industries.
"We understand that data security and compliance are often at the top
of the CISO’s list. However, if you look at the drivers for data loss,
the majority of incidents are unintentional," said Oded Gonda, vice
president of network security products at Check Point Software. "In
order to move data loss from detection to prevention, businesses should
consider integrating more user awareness and establish the appropriate
processes to gain more visibility and control of information assets."