According to new research from Forrester, only 25% of data breach cases are the work of external attackers. And only 12% of them were perpetrated by insiders with ill intent. That leaves 63% of the issues caused by something more mundane, like losing or misplacing corporate assets, the report has found. Physical theft of items like laptops and smartphones is part of the 63% as well, as is “inadvertent misuse” of company privileges and equipment.
“It’s not simply just a matter of having the appropriate tools and controls in place. It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organization’s current security policies,” said researcher Heidi Shey in the report.
As for the victims of the breaches, employee and customer personal data accounted for 22% of cases reported, while intellectual property accounted for 19%. Sensitive identity management credentials like user names and passwords came in at 11%.
Forrester questioned more than 7,000 employees across North America and Europe for the survey, and also found that consumerization and the bring-your-own-device (BYOD) trend are fueling mobile security concerns in the enterprise.
Around 30% of survey respondents said that they didn’t think there was enough of a dividing line between consumer and corporate data on mobile devices. That spurred 39% to say that they worried about a lack of data leak prevention on mobile devices, with half concerned about the consequences of simple physical theft.
And indeed most organizations seem to have policies when it comes to mobile security, but most of them don’t have adequate protections in place because they lack the tools required to enforce those policies, Forrester found. While most mobile devices have native capabilities as measures against breaches – such as passcodes or passwords, and remote lock and wipe – almost 25% of those surveyed said they don’t have any form of data protection implemented on their devices.
All in all, it seems that employee training for security awareness is in order. “Whether their actions are intentional or unintentional, insiders cause their fair share of breaches,” wrote Shey.
05 October 2012
Wow, I can't believe only 36% of security breaches are external. Lost devices seem to be a big problem. For us, we knew it was an issue, since we are a hospital, and if a doctor loses their cellphone and they have sent patient info by text or attachment, then we have a HIPAA violation and can get a fine or lawsuit. We have been struggling with this issue for some time now, but recently we installed a BYOD policy and paid for the doctors to use the Tigertext app for their devices which is a secure texting app that is HIPAA compliant and auto deletes the messages from the device so if they are lost or stolen we can still maintain compliance. It is not a full solution, but it takes care of what seems to be 64% of the problem.
25 September 2012
Your article caught my eye because the results are consistent with a conclusion from a survey Xerox and McAfee recently commissioned. More than half (54 percent) of employees say they don’t always follow their company’s IT security policies (33 percent) or aren’t even aware of the policies (21 percent). The results are dismal enough for the desktop and even worse for printers and MFDs. For example, only 13 percent of employees whose workplace has a printer, copier or MFP said they are prompted to enter a password or passcode on the MFP before releasing a job they’ve printed or accessing the ability to copy. The conclusion is that either there is no policy for these devices to begin with, or if there is, the policy isn’t being enforced. The IT staff and the end users themselves are on the front-lines but they need to be backed up with the necessary training to avoid unnecessary data leaks. Larry Kovnat, Sr. Mgr. Product Security, Xerox Corporation