Phil Vasic, ANZ Country Manager, Websense
Today’s security professionals in regulated industries face a daunting challenge in protecting the organisation’s most valuable asset: its information. Over the past few years IT departments have invested heavily to protect against breaches that compromise IT and information assets. However, their efforts have been focused on preventing outsiders from hacking into the organisation, not on securing the company and its information from insider threats.
Insider threats are not always malicious events, nor are they always carried out with malicious intent. In fact, according to most industry analysts today, the majority of all leaks are the result of unintentional data loss from employees and partners.
Perhaps unwittingly, by using Web-based email or instant messaging services, employees are circumventing the security precautions put in place by their companies. A recent independent survey of European small and medium-sized businesses commissioned by Websense found that 63 percent of employees in the UK had sent work documents to their personal email accounts to work on them from home. This is a classic example of how honest employees could leak sensitive information completely by accident, simply by sending an attachment containing confidential data and risking it falling into the wrong hands.
The high cost of a breach
The high cost of a breach can have a profound effect on an organisation’s P&L, market presence, and competitive advantage as a result of damage to brand and reputation, and loss of customers and intellectual property (IP). The average information leak costs organisations around US$182 per record, according to the Ponemon Institute, averaging roughly US$4,800,000 per breach. That number doesn’t take into account the longer-term effects of a breach on an organisation, which come from other cost factors including litigation or the loss of customer and investor confidence.
Organisations in industries such as financial services, healthcare, and government face additional challenges beyond the high cost of a breach. They must adhere to stringent industry and government regulations, which mandate the security of private or confidential information.
Information leaks don’t encompass only the loss of personally identifiable information. Financial services, healthcare, and government organisations must also consider the security of confidential information, such as IP, merger and acquisition plans, and other critical assets that are strategic to the competitive advantage of the organisation.
Addressing the problem with Data Loss Prevention solutions
To address the growing problem of data breaches and loss of information, many organisations are turning to their solution providers to help them implement a data loss prevention (DLP) solution, which is designed to discover, monitor, and protect information.
Unlike traditional threat-based blocking solutions that restrict access to resources or control applications or communication channels, DLP solutions are designed to understand and enable policies for the information and the data itself. This allows the organisation to focus on protecting its unique sensitive information from unintentional or malicious leaks.
DLP solutions discover data throughout the network – on servers and endpoints – to provide organisations with the intelligence necessary to effectively design and implement content enforcement policies. They also monitor data at rest, in use, or in motion, providing complete coverage of business communications, both external and internal.
The problem of data loss
By Staff Writers on Apr 30, 2008 11:28AM
This article appeared in the 28 April, 2008 issue of CRN magazine.