Research: Personal Information Top Target of Cyber Attacks
Customer, student, employee and patient information is most at risk for cyber attacks today, and defending that data is a top concern for IT professionals this year, according to the Data Loss Straw Poll, a national survey published today by CDW LLC.
Concern about data loss is well founded: One in four organizations has experienced a data loss in the last two years. Many organizations report breaches jeopardizing their network, email or other sensitive information, CDW found in its poll, which examines data security concerns across industries, including medium and large businesses, financial services and healthcare organizations and higher education institutions.
One IT professional at a financial services company noted: “Security is harder every day due to the ease with which personal information is gained.”
Data loss comes at a cost: A Ponemon Institute study published in March found that organizations suffering a data loss in 2011 paid an average of $5.5 million per breach, which translates into an average of $194 per record lost.
“The damage resulting from data loss -- to the bottom line and to an organization’s reputation -- is very real,” said Christine Holloway, vice president of converged infrastructure solutions, CDW. “Perhaps it should come as no surprise that IT professionals view data loss as the greatest business risk to organizations this year. As telework and access to mobile computing grows, preventing data loss is increasingly important -- and increasingly complex.”
CDW’s survey shows that the number of people accessing business networks increased by an average of 41 percent during the last two years. Inadequate security policies contribute to security challenges: While most organizations allow employees to access their networks with personal mobile devices, security policies for employee-owned devices are often less strict than for employer-owned devices. Twenty-seven percent of IT professionals said they do not have security policies for employee-owned mobile devices.
Organizations that give their data security an “A” grade layer nearly all available data loss prevention measures, including encrypted storage, backup and email gateway; endpoint data loss prevention and security solutions; full-disk encryption; and Web security filters. Organizations with “A” security are also more likely than others to require employee-owned mobile devices to comply with defined security procedures before they are granted network access.
Data loss prevention solutions help to protect personal, financial and research and development data, and they also flag any data being handled in a way that deviates from established security policies. CDW recently achieved Master Specialist designation in data loss prevention from Symantec. The designation recognizes investment and deep expertise in delivering advanced consulting and technical services in Symantec data loss prevention.
“No organization appears to be immune from data loss -- blue-chip companies, small business, schools and governments have been affected,” said Rick Hanson, senior director of sales, Symantec. “Prevention is essential. Organizations that layer security solutions to address network endpoints, data at rest and data in motion are more aware of potential security threats, less susceptible to breaches and better able to respond when a breach occurs.”