Clearswift Survey: "When It Comes to Data Security Breaches, the General Public Doesn't Need to Know".US IT Managers Grappling with Increased Risk and Facing Higher Costs Results highlights: * 78% of IT decision-makers don't believe the general public should be informed if a data breach occurs; * 54% of U.S. IT decision-makers are unaware of data breach disclosure laws; * 53% are in favor of legislation that would force companies to publicly declare a data breach if it occurred; 38% are in favor of legislation that would make negligent loss of personal information a criminal offense; * 19% of companies have suffered a data loss in the last 12-18 months; 50% more than once; * 38% of IT managers have seen their annual IT spends increased by as much as 10% since data breach notification legislation was introduced. REDWOOD CITY Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif. -- When it comes to data security breaches, 78 percent of US IT decision-makers feel that companies do not need to inform the general public; this according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a recent survey by content security specialists Clearswift. While respondents felt the general public did not need to know (78%), they did indicate that affected customers and partners should be informed (95%) while less than half of them felt that industry regulators (42%) or even the police (35%) should be notified. Of the U.S. organizations polled, 19 percent had suffered a data loss in the last 12-18 months, and of those, 50 percent had experienced more than one. Despite the fact that more than 89 percent of those surveyed said that data loss/data breach was a very important or critical issue to their organizations, the research indicated that they are still not locking down the transfer of sensitive information appropriately. E-mail is the most popular method of transferring confidential data (over 70% allow staff to transfer confidential data via e-mail), and yet over a quarter of businesses (26%) admit to losing data via e-mail. To counter the threat, 88 percent have security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security in place to prevent data breaches or data losses from happening. But 28% don't have e-mail content filtering See Web filtering and parental control software. solutions in place, 24% don't have Web content filtering in place and 24% don't have encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. solutions in place. Moreover, 23% don't have a policy on DLP (Digital Light Processing) A data projection technology from TI that produces clear, readable images on screens in lit rooms. DLP is used in all types of projection devices, from data projectors that weigh only a few pounds to large rear-projection TVs to electronic and 10% didn't even know if they had one. "The survey shows that US businesses consider DLP as very important, but that much still needs to be done to address the issues. With unclear policies and laws that are not thorough or well publicized pub·li·cize tr.v. pub·li·cized, pub·li·ciz·ing, pub·li·ciz·es To give publicity to. Adj. 1. publicized - made known; especially made widely known publicised there is a long way to go before companies really reach the point where data loss protection is truly addressed," said Mike Lisi, general manager, Americas for Clearswift. "The majority of the IT decision makers that we surveyed have both policies and security measures in place to prevent data beaches. While the majority are prepared, our research shows that when faced with the prospect of having to air some dirty laundry dirty laundry n. Informal Personal affairs that could cause embarrassment or distress if made public: Let's not air our dirty laundry in front of our guests. Also called dirty linen. in public, companies are not always confident they will emerge in a positive light, and feel that potential legislation enforcing disclosure could be expensive and create significantly more work for the IT department." While the threat of data loss or breach continues to increase, there are still organizations that have not invested in data security. Respondents indicated the following as the top three reasons why: * 21 percent feel that data loss prevention is not a security threat, * 37 percent do not have the budget to invest in data loss prevention solutions, and * 16 percent trust their employees to follow the corporate policy. When asked about the possible impact of data breach notification legislation, 49 percent of respondents that do not currently adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. data breach notification legislation envision their annual IT spend increasing by at least 10 percent. In comparison, only one in five (20%) respondents who currently adhere to data breach notification legislation said they have seen no change in their IT spending since the legislation's introduction. Additionally, half (50%) of IT managers expect any new data breach notification legislation to damage the reputation of their organization, while only 32 percent of respondents adhering to this legislation claimed to have suffered damage to their reputation. Only 11 percent felt that data breach notification legislation would positively impact their business while 31 percent of those currently adhering to legislation indicated the legislation has had neither a positive or negative impact. "Clearswift's solutions are affordable and easy-to-use, which is what the market clearly needs," said Lisi of Clearswift. "DLP is a top of mind issue that companies will be grappling with for the foreseeable future. We will continue to provide the products and services needed to help organizations address these issues in the best way possible." "Nearly anyone deploying a DLP solution will eventually want to start blocking traffic. There's only so long you can take watching all your juicy sensitive data running to the nether regions of the Internet before you start taking some action," said Rich Mogull, analyst and founder of Securosis. "But blocking isn't the easiest thing in the world, especially since we're trying to allow good traffic, only block bad traffic, and make the decision using real time content analysis."1 "The exposure of confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead is now the single greatest threat to enterprise network security, according to IDC's latest Security Survey," said Brian Burke For the hockey executive, see . Brian Thomas Burke (born in Perth, 25 February 1947) was premier of Western Australia from 25 February 1983 until his resignation on 25 February 1988. In 1994, Burke was imprisoned for seven months after being convicted of rorting travel expenses. , program director at IDC. "However, the survey also showed that only 34% of organizations are currently budgeting for DLP solutions. The top barriers for DLP investment are lack of budget and the belief that solutions are too complex to manage." Lisi added: "Data loss and data breaches are becoming a bigger and bigger problem today, and companies need to evaluate their current security policies and measures to ensure that they are fully protected. A layered approach to security that monitors all content leaving the business and simultaneously managing multiple outlets is by far the most successful solution." Clearswift's content security technology helps companies monitor all content leaving their organization via e-mail and the Internet, preventing any confidential information reaching the outside world, whether sent accidentally or maliciously. At the same time, Clearswift can protect organizations from spam E-mail that is not requested. Also known as "unsolicited commercial e-mail" (UCE), "unsolicited bulk e-mail" (UBE), "gray mail" and just plain "junk mail," the term is both a noun (the e-mail message) and a verb (to send it). , viruses, spyware and web-borne malware (MALicious softWARE) Software designed to destroy, aggravate and otherwise make life unhappy. See crimeware, virus, worm, logic bomb, macro virus and Trojan. , as well as help define and enforce policies on acceptable Internet usage. About the research All the above figures, unless otherwise stated, are from Clearswift. Total sample size was 3,340 US IT decision-makers. Fieldwork field·work n. 1. A temporary military fortification erected in the field. 2. Work done or firsthand observations made in the field as opposed to that done or observed in a controlled environment. 3. was undertaken between March 10 and April 10, 2008. The survey was completed online. About Clearswift Clearswift helps organizations of all sizes conduct business safely over the Internet. Our policy-based content filtering and security solutions block bad content such as spam, viruses, malware, spyware and pornography; protect sensitive information by preventing leaks; and prevent time-wasting and abuse by controlling inappropriate use of the Web and social media while eliminating exposure to offensive content. Clearswift makes it easy to deploy, manage and maintain no-compromise e-mail and Web security across all gateways and in all directions. And our EAL EAL English as an Additional Language EAL Evaluation Assurance Level EAL Eastern Airlines EAL Emergency Action Level EAL Environmental Analysis Laboratory EAL Evidence Analysis Library (American Dietetic Association) 4 accredited accredited recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria. accredited herds cattle herds which have achieved a low level of reactors to, e.g. military and government solutions protect some of the world's most security-sensitive organizations. Our technology reflects twenty years TWENTY YEARS. The lapse of twenty years raises a presumption of certain facts, and after such a time, the party against whom the presumption has been raised, will be required to prove a negative to establish his rights. 2. of experience across more than 17,000 organizations with a pedigree pedigree Record of ancestry or purity of breed. Pedigrees of domesticated animals are maintained by governmental or private record associations or breed organizations in many countries. based upon granular granular /gran·u·lar/ (gran´u-lar) made up of or marked by presence of granules or grains. gran·u·lar adj. 1. Composed or appearing to be composed of granules or grains. 2. policy management; easy administration; and the ability to combine best-of-breed security tools into powerful, no-compromise defenses. Clearswift customers use the Internet with confidence. www.clearswift.com 1 Mogull, Rich, "Understanding and Selecting a DLP Solution: Part 3, Data-In-Motion Technical Architecture," September 18, 2007, Securosis.com |
|
|||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion