The InfoWatch analytical center has published its results for 2006, presenting the first global survey of internal information security (IS) breaches. The goal was to analyze all leaks of confidential or personal data, cases of employee sabotage or negligence, and any other breach of internal IS which had received at least one mention in the mass media during 2006. The survey is truly global since the analysis includes all internal violations regardless of the geographical location of the particular companies or government structures affected by insider sabotage. Thus, all patterns and tendencies revealed in the survey can be equally applied to companies of all industries and countries.
This survey is the first global project targeted at the study of breaches of internal IS. In 2004, the InfoWatch analytical center began keeping a database of breach occurrences. Today, the database contains nearly 500 entries, 145 of which were added during 2006. This database provided the initial information for the survey.
The results of the survey naturally supplement the conclusions of the wide-scale survey Internal IT Threats in Europe 2006, in which InfoWatch questioned more than 400 European organizations. However, unlike the latter project, Global Leakage Survey 2006 identifies tendencies in the development of internal IS threats and how they happen.
Key conclusions
- For the most part, it is businesses that suffer from leaks of confidential information. According to the survey, 66% of internal breaches occurred in private companies. Moreover, businesses carry the main burden of loss caused by such leaks since a company’s competitiveness depends on its reputation, and reputation is the first thing to suffer in the event of an information leak.
- In 2006, a vast number of people suffered from information leaks. Just 150 breaches exposed 80 million people to identity theft. Many of them are now at risk of becoming victims of swindlers, losing all their savings, or having their credit history ruined forever.
- Every leak of personal information causes million-dollar losses. In addition to financial loss, a company’s reputation is ruined and hundreds of thousands of people face having their identities stolen. On average, 785,000 people suffered from every leak of private information in 2006.
- Organizations which allow their employees to use mobile devices are in a high-risk group. The use of mobile devices led to information leaks in half of all breaches (50%); meanwhile, the Internet was used as a medium for leaks in only 12% of cases.
- The main threat for a business is a lack of discipline among employees. Negligence led to the overwhelming majority of all leaks (77%) in 2006. This suggests that insiders can be found in any company.
The sources of information leaks
A survey of 145 breaches of internal IS shows that information leaks have a global character. One cannot point to any area of business or any particular geographical region where companies have rarely or never suffered from the activities of insiders. Small business and giant corporations, commercial organizations and governmental establishments all experienced cases of information leakage in 2006. Insiders managed to jeopardize the security of such strong and well-protected structures as military and special services. Again, such cases involved mobile devices and the Internet. Often, as a result, top secret information became freely available on the Internet, or ended up in the hands of journalists or foreign states.