Forrester: Most Data Breach Incidents Come from Inside

News headlines may make it sound like there's always an organized cybercriminal syndicate waiting to break down the firewall and steal everything in the corporate network. Flashy headlines and referencing scary hacktivist groups may be good for the media, but those strategies also take attention away from significantly more common risks.

Not to say it isn't important to guard against external threats, but data security is largely about awareness. For example, if there's suddenly a spike in attacks against financial institutions in the United States, as was the case in September of last year, it's probably a good idea to shore up on network defenses and ensure antivirus software is up to date. However, it's far more likely that a data breach will happen for more mundane reasons.

Citing research from advisory firm Forrester, PCWorld columnist John Dunn noted that external attacks only represent approximately 25 percent of security incidents. Meanwhile, lost or stolen devices account for 31 percent of all data breaches and inadvertent misuse by an employee accounts for 27 percent. That means 58 percent of incidents aren't caused by malicious entities and could be mitigated by utilizing data encryption software effectively.

 

«It’s not simply just a matter of having the appropriate tools and controls in place,’ – said researcher Heidi Shey.«It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organization’s current security policies.’

The article also mentioned mobility trends such as bring-your-own-device as a driving force behind the challenges faced in implementing data security solutions. As TechNewsWorld writer Richard Adhikari recently noted, mobile security is a legitimate concern with large increases in the amount of malware targeting smartphones. Despite the increasing volume of data mobile devices carry these days, they're not the only places for information to slip through the cracks. Shey noted that it is important that employees not only use data protection software but understand their company's data security policies.

Source

Nikolai Fedotov, Senior Analyst, InfoWatch : «Data encryption seriously reduces the number of leakages indeed. But while it solves the problem of confidentiality, it creates a problem of accessibility.

According to our surveys most companies don’t deploy data encryption software because of a concern that they might lose access to the encrypted data in case of any technical failure or keys loss, even an increasing processor and bandwidth load level doesn’t seem to be the biggest problem. And also there is an issue with compatibility during transfer or access data from different computers.

But as the cost of information is growing (value to the owner and the potential damage in case of disclosure), the amount of encryption technologies deployment also increases yearly».

l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>