Subscribe

Protecting against data theft

By Vicky Burger, ITWeb portals content / relationship manager
Johannesburg, 15 Apr 2008

Hacking and stealing of data can be hugely profitable. Trade secrets as well as personal and financial data are worth large amounts of money and companies must protect themselves and their data from these threats, states Kevin Wharram, technical manager, EMEA, for Guidance Software.

Both Wharram and Greg Day, senior security strategist at McAfee, will discuss data theft and protecting against it at ITWeb's Security Summit 2008.

Data theft is difficult to detect and most organisations only find out that their data has been stolen when they are informed by the police, public, or other sources, says Wharram. However, there are some controls and practices that organisations could follow to prevent against it, he adds.

Wharram suggests that among other things companies can perform a risk assessment and a business impact analysis on the data that they hold. "Based on their findings they should then implement acceptable controls to protect that data. In addition, companies should educate users about the policies and other security issues," he says.

ITWeb Security Summit 2008

More information about the ITWeb Security Summit 2008, which takes place from 6 to 8 May at Vodaworld, Midrand, is available online here.

Day states that a major stumbling block to effective data protection is a lack of understanding from senior management and recognition of the problems surrounding protecting information assets. Weak or non-existent internal processes and controls, together with a misconception that security products will solve all problems, are also reasons why data protection strategies fail, he adds.

"Research by McAfee shows that nearly two-thirds of incidents of data loss recorded by businesses was unintentional and came from within the company rather than as the result of external attack," says Day.

In recent years, security has evolved from being a purely reactive strategy to incorporate proactive approaches as well, he states. For businesses wanting to ensure their data protection strategies are effective, meeting requirements with regards to compliance would be a positive first step, Day continues.

Whether it is preventing users from causing unintentional breeches, or identifying malicious attacks from employees or external sources, a large part of data control is ongoing monitoring and enforcement, he concludes.

Related stories:
Security Summit 2008 excites
Complex malware needs stricter security
Cyber-crime on the increase everywhere
Web 2.0 brings security risks
Simple identity management is not enough

Share