Glenda Wheeler

PROJECT MANAGEMENT

Follow the leader

Subscribe to Security Newsletter

VIRTUAL PRESS OFFICESTM
(011) 807 3294   itnews@itweb.co.za | Advertise on ITWeb   Sat, 20 Dec, 05:02:44 AM
You are here Home

No shift ... Sherlock?

Stagnation of data security practices a major cause for concern.

Every year Cibecs highlights the risks, the costs, the trials and tribulations, the blood, the sweat, the tears (have we mentioned the costs?) associated with business data loss.

Every year we get a few hundred companies worldwide to participate in our annual Enterprise Data Loss Survey and – every year - the pattern of answers remain the same.

“Contradiction, Mr Watson”

If Sherlock Holmes was tasked with finding out why/how organisations in the world today were losing business-critical information, he'd have to look no further than reports from our previous surveys.

An example of the status quo at the majority of 2010 and 2011's survey participants follows:

Q: How does your company currently protect business-critical data?

A: Company policy instructing users to copy their files to a file server or external device (hard drive).

Q: Which of the following problems does your company experience with user data backups?

A: Users do not consistently follow our policies (comes up trumps every time).

There are several other contradictory answers, all of which you will find in last year's report, but the above is a clear example of the first faulty step most companies take when it comes to the security of their mission-critical data.

“It's the users' problem”

Those users include company directors, senior managers, HR, marketing, PAs and receptionists who receive e-mail and communicate on behalf of the company to a variety of suppliers, clients and the like.

And it's their problem?

The reality is that there is hell to pay should a marketing plan, strategic or personal information (for example) be lost due to theft, negligence, computer virus or any other daily occurrence.

A further reality is that changing legislation, specifically related to the protection of business-critical and personal information, makes it imperative for companies and organisations to take appropriate steps to safeguard their data (with substantial penalties for not doing so).

Yet, it is “their” problem?

GRC and business continuity

Any honest IT manager will tell you that their time, and that of their team, is already stretched to the limit without having the added burden of having to deal with an anxious person from risk (governance and compliance).

The same honest IT manager will also tell you that assuring business continuity, while a pressing and ever-present problem, does not always feature high on a to-do list that shows no regard for the amount of hours in a day.

The reality is that governance, risk and compliance does need ITs involvement (and that of company executives), as it relates to the security of, and access to, company and personal data.

What. Where. How. When – helping Cibecs provide the answers

Moving on to the third instalment of the Cibecs 2012 Business Data Loss Survey. (http://www.surveymonkey.com/s/2012_data_loss)

The rise of bring your own device (BYOD) and the enterprise adoption of this trend form part of the question set in this year's edition. Other relevant topics include file sharing cultures and methodologies (such as Dropbox) at an enterprise level, current data protection technologies and failings, and the impact of GRC on IT departments, to name but a few.

What you need to take part?

* Five minutes of your time
* A desire to share your experience and knowledge
* A desire to receive our famous report and learn where you, and your company, stand.

The Cibecs survey sets the benchmark for relevant, insightful and useful statistics and analysis on the state of endpoint user data security at businesses and enterprises.

Our hope is that asking the tough questions will lead to more thought and debate among IT and business professionals alike.

Our hope is for a shift in attitude in relation to the security of mission-critical data.

Enjoyed this story? Subscribe to ITWeb's Security News newsletter.

Editorial contacts

Cibecs
Brandon Faber
This e-mail address is being protected from spambots, you need JavaScript enabled to view it

 

Our comments policy does not allow anonymous postings. Read the policy here




Company news

 

 

 

 

Bytes IDM specialises in the provision of full Identity Lifecycle Management solutions through an array of hardware devices and software solutions. The IDM divisionprovides industry tailored solutions to both public and private sector organisations that require identity verification solutions when interacting with their clientele. Click here to learn more.

Top news

SECURITY BLOGS

GENERAL BLOGS


27-29
MAY
Security Summit
Sandton Convention Centre

AdWare.Win32.HotBar.dh
Trojan.JS.Popupper.aw
AdWare.Win32.FunWeb.kd
Trojan-Downloader.JS.IstBar.cx
AdWare.Win32.FunWeb.jp
Trojan-Downloader.JS.Agent.fxq
Exploit.HTML.CVE-2010-4452.h
Trojan.JS.Agent.bun
Trojan-Downloader.JS.Iframe.cew
Exploit.JS.CVE-2010-1885.k
ITWeb Security Summit 2015
26 to 28 May / Vodacom World, Midrand
William (Bill) BinneyInternational keynote: William (Bill) Binney, former NSA director
Bill spent more than 30 years working at the NSA, and has been described as one of the best analysts in its history. He left the agency in 2001, having publicly disagreed with its data collection policies. During his keynote he'll draw back the veil and reveal what the state-adversary looks like from the inside.

Publications

MTN's marketing guru hits refresh.

 

Lourens Swanepoel

MARKETING AND IT

Dynamic duo