Not just public sector guilty of data breaches
By Leo King, Computerworld UK
An astonishing 55 percent of British companies have lost data, according to a new report.
And 49 percent of them have had over two breaches in the last two years, according to a survey of 785 IT professionals in the UK, conducted by the Ponemon Institute.
Around two thirds of respondents said negligence, including that of outsourcers, was responsible for data breaches, compared with only 10 percent who said hackers were a major cause. A third said insiders were a threat.
Many firms were unable to track data breaches and find the source of the problem. Some 44 percent said they were not confident they could even detect a breach in the first place, and over half take several weeks to notify any customers affected.
Only three percent were tracking changes made to data, such as when account details are updated, even though 91 percent said this was an important part of tackling the problem.
Six in ten firms said networks were one place they saw as having a high risk of data breach, and 51 percent said mobile devices were a threat. But it was not just technology that was at risk, as over half reported that paper files were a problem.
A worrying six in ten have not assigned responsibility for detecting and responding to data breaches. But 25 percent said it was the job of the chief information officer.
Atul Bhovan, UK technology manager at governance and management software supplier Compuware, which commissioned the survey, told Computerworld UK: “Businesses just don’t have enough information for an effective root-cause analysis when there is a data breach.
“They need to identify who is doing what, and if there’s a breach, how many customers are affected. It’s not just a case of addressing who can access data, it’s also about recording transactional screens to aid forensic investigation if any problems happen.”