The security division of value-added distributor Bell Micro today announced findings from a new independent research report which suggests that UK businesses are still failing to address the protection of data assets on the network from staff abuse, misuse or direct theft.
Nearly half (47%) of the respondents questioned at InfoSecurity Europe 2008 believed their companies were yet to implement real-time systems that would inform IT departments if security levels were breached.
This latest research follows similar reports in recent weeks suggesting that more than one third of IT directors say that their organisations have suffered either data loss or data theft internally – not to mention, of course, the latest in a spate of public sector security lapses, from confidential documents being left on commuter trains to laptop thefts from the Home Office and Ministry of Defence.
Most respondents in IT based roles (74%) recognise, and work to protect, against the danger of rogue connections such as customer or contractor laptops, and yet almost half (43%) were failing to enforce a policy of encrypting data on portable devices - such as personal laptops, PDAs and removable media. Worse still, 62% of respondents indicated that IT departments would be unable to detect if an employee copied data off a server onto a PC, laptop, USB stick or a disk.
This is further clear evidence of the unexpected knock-on effects of increased mobility and teleworking: consumer devices, together with business laptops, Blackberrys, mobiles and PDAs are increasingly falling into a grey area of unsupported devices, or computers that serve functions both in the office, at home, and on the journey in between.
This is the logical extension of the famous incident of the IT CEO who left his laptop unattended while speaking at a security conference – when it went missing, he realised that he had essentially allowed the entire company to be stolen by a passing stranger.
Despite the latest report, It's clear that policy, governance and good management are the only viable solutions here, rather than more technology. However, the problem for CIOs, especially those dealing with networks of outsourcing partners, is balancing the increased productivity and flexibility offered by teleworking, homeshoring and homeworking (which some studies put as high as 20-25%) with the increased security risk and potential for data or equipment loss and theft.
“What these findings show is that there is still a paramount need to increase attention to data management and protection in an organisation,” said Steve Browell, general manager of the Security Division at Bell Micro. “How data is encrypted, moved and stored must move up the business agenda, otherwise we are just leaving the gates wide open for the horse to bolt. The tools are already available but vendors, distributors and resellers alike must come together to deliver better education to customers and create a total service that can deliver true data loss prevention.”
While security remains a key investment for UK businesses, this latest research suggests that critical network security services are either yet to be broadly adopted or have been purchased but incorrectly implemented.