77% of Organizations Lost Data in 2010

According to Check Point and the Ponemon Institute, 77% of global organizations experienced data loss in the last year.  Key findings from the report, Understanding Security Complexity in 21stCentury IT Environments, show customer information was the most common type of data to be compromised at 52%, in addition to intellectual property (36%), employee information (36%) and consumer information (35%).  Either the numbers or the security practices are very, very wrong here.  From what I have seen, I don’t think it is the numbers.

With the adoption of Web 2.0 applications and more mobile devices connecting to the network, organizations are challenged with enforcing better data security and Governance, Risk and Compliance (GRC) requirements.  The primary cause for data loss resulted from lost or stolen equipment, followed by network attacks, insecure mobile devices, file-sharing applications and accidentally sending emails to the wrong recipient.  49% of all respondents believe their employees have little or no awareness about data security, compliance and policies.

Data Loss Prevention (DLP) from intentional and accidental disclosure remains a top information security challenge.  It’s important for businesses to understand the key issues driving data loss and establish a set of security best practices to prevent a breach.  In order to move data loss from detection to prevention, businesses should integrate more user awareness and establish processes to gain more visibility and control of information assets.

  • Understand the Organization’s Data Security Needs – Have a clear view and record of the types of sensitive data within the organization, as well as which types of data are subject to regulatory compliance standards.
  • Classify Data – Create a list of sensitive data types and designate the level of sensitivity.  Consider establishing a set of document templates.  Create end user awareness about corporate policies and what constitutes sensitive information.
  • Align Security Policies with Business Needs – An organization’s security strategy should protect the company’s information assets, without inhibiting the end user.  Define policies in simple business terms that are aligned with employee, group or organizational business needs.
  • Secure Data Throughout Its Lifecycle – Implement data security solutions that secure sensitive data in multiple forms and protect it while it is at rest, in motion, and in use.
  • Eliminate the Compliance Burden – Evaluate government and industry-driven compliance mandates and how they impact an organization’s security and business flow. Consider solutions with best practice policies customized to meet specific regulations, including HIPAA, PCI DSS and Sarbanes Oxley, for fast prevention on day one.  Best practice policies also enable IT teams to focus on proactively protecting data beyond the minimum requirements.
  • Emphasize User Awareness and Engagement – Involve the user in the security decision process.  Technology can help educate users about corporate policies and empower them to remediate security incidents in real-time. Combining technology and user awareness sensitizes employees to risky behavior through self-learning techniques.

For more information about Checkpoint’s solutions and access to the full report, visit: http://www.checkpoint.com/campaigns/3d-security/index.html.