Celeram headerCeleram -- information acceleration and security

Information assurance banner

Information acceleration and security


Data security: the real issues

Most organisations have by now established good perimeter protection against external attack from hackers. Sadly, the majority of data breaches now come from within the organisation.

Nowadays, an organisation’s biggest IT security threat is not the one perpetuated by the media — the glamorous image of a sinister hacker working for a large cybercrime ring — but is far more prosaic. Research shows that organisations are usually more vulnerable to damage caused by insiders; careless staff, greedy or disgruntled employees, former employees, angry spouses.

This is reflected in surveys which show the most common causes of data being compromised:

Source: Ponemon Institute Survey 2004 Of the 163 companies participating, 122 (75%) reported a data security breach within the last 12 months.

Source: Deloitte Survey 2005 Financial Services companies reported a fall of 55% in security breaches due to external attack. Sadly; there was a corresponding 100% increase in security breaches due to internal problems.

The changing face of data security

Even large, reputable IT organisations are not immune to this problem, Apple, Microsoft, Cisco and AOL are just a few examples of companies that deploy state-of-the-art technologies but have nevertheless reported security breaches due to insider problems.

Authorities arrested an AOL employee for allegedly selling 92 million customer screen names to a spammer; key CISCO source code was downloaded and sold to a Russian web site, it is suspected employees were responsible; while Microsoft Intellectual Property was stolen from the databases of a development partner.

Ernst and Young estimates that a typical organisation loses about 6 percent of its annual revenue to fraud. That’s as much as the net profit margin for many companies, and the majority of those losses are caused by internal data being compromised.

Outsourcing only serves to increase the risk when organisation and customer data is often stored on a different continent and accessed by low paid and poorly motivated contractors. Accidents can, and do, happen, for example HSBC Bank suffered an internal security breach at their Bangalore data-processing unit, which led to £233,000 being stolen from customer accounts.

The UK Government’s DfT (Department for Transport) reported that eight database security breaches were committed by staff during the period 2001-2006 leading to 96 records being compromised. They also reported the problem as getting worse — over half the incidents occurred in 2006. And things haven’t improved:

If you want to avoid being one in a long line of bad data management statistics, get in touch and we’ll help. If you wish to read further, you can find out how security breaches occur.