No shift ... Sherlock?
Stagnation of data security practices a major cause for concern.
Every year Cibecs highlights the risks, the costs, the trials and tribulations, the blood, the sweat, the tears (have we mentioned the costs?) associated with business data loss.
Every year we get a few hundred companies worldwide to participate in our annual Enterprise Data Loss Survey and - every year - the pattern of answers remains the same.
“Contradiction, Mr Watson”
If Sherlock Holmes were tasked with finding out why and how organisations in the world today were losing business-critical information, he'd have to look no further than reports from our previous surveys.
An example of the status quo among the majority of participants in the 2010 and 2011 surveys follows:
Q: How does your company currently protect business-critical data?
A: Company policy instructing users to copy their files to a file server or external device (hard drive).
Q: Which of the following problems does your company experience with user data backups?
A: Users do not consistently follow our policies (comes up trumps every time).
There are several other contradictory answers, all of which you will find in last year's report, but the above is a clear example of the first faulty step most companies take when it comes to the security of their mission-critical data.
“It's the users' problem”
Those users include company directors, senior managers, HR, marketing, PAs and receptionists who receive e-mail and communicate on behalf of the company to a variety of suppliers, clients and the like.
And it's their problem?
The reality is that there is hell to pay should a marketing plan, strategic or personal information (for example) be lost due to theft, negligence, computer virus or any other daily occurrence.
A further reality is that changing legislation, specifically related to the protection of business-critical and personal information, makes it imperative for companies and organisations to take appropriate steps to safeguard their data (with substantial penalties for not doing so).
Yet, it is “their” problem?
GRC and business continuity
Any honest IT manager will tell you that their time, and that of their team, is already stretched to the limit without having the added burden of having to deal with an anxious person from risk (governance and compliance).
The same honest IT manager will also tell you that assuring business continuity, while a pressing and ever-present problem, does not always feature high on a to-do list that shows no regard for the number of hours in a day.
The reality is that governance, risk and compliance does need IT's involvement (and that of company executives), as it relates to the security of, and access to, company and personal data.
What. Where. How. When - helping Cibecs provide the answers
Moving on to the third instalment of the Cibecs 2012 Business Data Loss Survey (http://www.surveymonkey.com/s/2012_data_loss).
The rise of bring your own device (BYOD) and the enterprise adoption of this trend form part of the question set in this year's edition. Other relevant topics include file sharing cultures and methodologies (such as Dropbox) at an enterprise level, current data protection technologies and failings, and the impact of GRC on IT departments, to name but a few.
What do you need to take part?
* Five minutes of your time
* A desire to share your experience and knowledge
* A desire to receive our famous report and learn where you, and your company, stand.
The Cibecs survey sets the benchmark for relevant, insightful and useful statistics and analysis on the state of endpoint user data security at businesses and enterprises.
Our hope is that asking the tough questions will lead to more thought and debate among IT and business professionals alike.
Our hope is for a shift in attitude in relation to the security of mission-critical data.