Data breaches plague SMEs

By Mariette du Plessis, Events Programme Director
Johannesburg, 26 Feb 2010

Tips for prevention of loss or theft of data

Websense recommends the following steps for securing sensitive data:
Step 1: Ask the what, where and how questions. What regulations must you comply with? Do you know where all copies of your confidential data are stored? Do you know how that information is being used and shared inside and outside your trust?
Step 2: Define what data is deemed sensitive. The definition of sensitive information is critical. It's vital a full review of all trust departments is undertaken to help identify where sensitive information is being used.
Step 3: Determine where the primary point of data control should be. Is it the endpoint, the network or data discovery - or most probably a combination?
Step 4: Select the right DLP solution. There are many analyst reports that identify viable vendors and help you understand product capabilities. Look for the flexibility, detection accuracy, policy framework, and solution coverage offered by each vendor.

With the cost of a data breach in 2009 pegged at R1 568 per customer record, internal and external threats to data should be the top concern for small to medium business (SME) owners in 2010.

According to the Ponemon Institute, the cost of a data breach rose last year to $204 (R1 568) per customer record, with the average total cost of a data breach estimated at $6.75 million (R51.9 million) in 2009.

The main causes for these data breaches, based on data collected from 45 companies that publicly acknowledged a breach of sensitive customer data last year, are negligence (40%), system glitches (36%), and malicious and criminal attacks (24%).

“In today's evolving threat landscape, SMEs need to carefully consider both the internal and external threats to their data,” says Jonathan Wilkinson, a speaker at the forthcoming ITWeb Security Summit, and product director of security-as-a-service at Websense.

He adds: “While the majority of internal data leaks are accidental or unintentional, external blended threats - Web, e-mail and data - are also on the increase. Cyber criminals are refocusing their efforts and their target is no longer just bringing down an organisation's infrastructure, but gaining access to sensitive data.”

Wilkinson believes data loss prevention (DLP) solutions are the most effective way for SMEs to protect confidential data assets: “An effective DLP solution will enable an organisation to protect customer information, intellectual property, and enforce and report on regulatory compliance.”

He cites cellular provider Cellcom Israel as a case in point. As with all organisations, Cellcom has large amounts of sensitive and company proprietary information held on its corporate network. However, it wasn't until a serious data leak occurred that Cellcom realised its sensitive data needed to be better identified, monitored and protected from potential misuse.

“We had a serious incident a couple of years ago when very important company documents were leaked to the press,” explains Amir Shahar, information security manager at Cellcom Israel's security department.

“Although we weren't hurt financially - at least not directly - the documents were published and our reputation was certainly damaged. Not only was this embarrassing for the company, but if this kind of event were to happen again, potential losses could be significant.”

Consequently, Cellcom selected a data security solution to detect and prevent unauthorised use of confidential company information. Says Shahar: “The most powerful feature of the solution is that it monitors the information you hold within the organisation and identifies which information is confidential and potentially at risk. At that point policies can be automatically put in place to determine who has access to this data and what they can do with it.”

He concludes: “In fact, we were able to identify 200GB of data on the network that we hadn't realised was sensitive. Actually, we didn't even know that these documents existed. Alerts also told us when sensitive data was moved or sent out of the organisation.”

In his presentation at the 2010 Security Summit, which takes place from 11 to 13 May at the Sandton Convention Centre, Wilkinson will explore the potential for security to be delivered as a service. He will look at some of the strategies IT professionals should follow to implement a security-as-a-service model to increase coverage and reduce costs without sacrificing security, as well as the lessons learnt.
