Stopping data leakage: Making the most of your security budget - part 1
- by Sophos
After years of battling intrusions, viruses, and spam, organizations now find themselves wrestling with a relatively new but hugely significant security issue: data leakage. By March 2008, the inadvertent exposure of company confidential information was already being cited by analyst IDC as the number one threat, above viruses, Trojans, and worms [1]. At the end of the year, 80 percent of respondents in another survey agreed that data security was one of the biggest challenges facing them, with 50 percent of respondents admitting they'd experienced a data leakage incident in 2008 [2]. IDC's survey identified intellectual property as the most common type of information leaked and 81 percent of respondents saw information protection and control (IPC) - defined as monitoring, encrypting, filtering, and blocking sensitive information contained in data at rest, data in motion, and data in use - as an important part of their overall data protection strategy. The highest priority IPC solution was data leakage prevention (DLP) deployed at the organization's perimeter and on endpoint computers [1].
Importance of monitoring employee use [1]
(% choosing 4 or 5 on a 5-point scale)
Corporate email: 56%
Lost/stolen laptop: 51%
Web email or web posting: 37%
Instant messaging: 33%
Lost/stolen mobile device: 33%
Media devices: 19%
Other: 12%
The intentional or accidental exposure of information, ranging from legally protected personal information to intellectual property and trade secrets, is something that affects the IT environment in its widest sense, involving lost or stolen laptops, USB keys and other devices, email, and Web 2.0 applications, such as IM.
Respondents to IDC's survey demonstrate just how many points of exit there are (see figure 1). The challenge now is not simply to protect data from the threat of theft or corruption from malware, but to add a second security layer preventing data being accessed if it is lost.
The growing importance of DLP
There are several reasons for the movement of data leakage prevention to the forefront of enterprise security.
High-profile, reputation-damaging data leaks
Bad publicity from data leakage can result in damaged reputation, lost customers, and sometimes even ruin for companies.
The number of well-publicized examples of data security breaches is growing significantly. Government bodies, financial organizations, education institutions, industry giants and even presidential candidates - no-one is immune. Recent high-profile incidents have included:
- Secret government documents on al Qaeda and Iraq were left on a commuter train in the UK. (Jun 2008)
- The personal information of almost 1000 bank customers was lost by an employee of Bank of Ireland, after the data was copied onto an unencrypted USB memory stick which was then lost. (November 2008) [4]
- An email containing names, positions, salaries, and social security numbers of 192 faculty and staff members was accidentally sent to Ohio State University Agricultural Technical Institute students.
- Hackers were charged with stealing more than 40 million credit and debit card numbers from nine US retail outlets by breaking into the wireless networks of major retailers.
- An investigative reporter for MyFoxDC bought a Blackberry device during the McCain-Palin US presidential campaign's sale of its used office inventory, only to find 50 phone numbers for people connected with the campaign and hundreds of emails.
Regulations
Government legislation
Governments worldwide have introduced increasingly stringent data protection legislation, such as the US's Sarbanes-Oxley Act, HIPAA, and Gramm-Leach-Bliley Act, and the UK's Data Protection Act, to provide suitable controls over sensitive company information. Organizations found to be in breach of the legislation can be fined and forced to put solutions in place to prevent a recurrence. The California Senate Bill 1386, introduced in 2003, was the first to require that organizations notify all affected individuals if their confidential or personal data has been lost, stolen, or compromised. This public disclosure is now required by 35 states.
Many regulations also require regular audits, which an organization may not pass if the right controls are not in place.
Today, protection must focus on controlling access to the information, not on blocking the perimeter.
Cost of a data breach
Up 11 percent since 2006
Average cost per breach - $6.6 million
Average cost per record - $202
for healthcare - $282
for retail breach - $131
Cost of lost business
Up 40 percent since 2005
69 percent of overall cost (compared to 65 percent in a similar 2006 study)
Source: Ponemon Institute [8]
PCI DSS
Alongside government legislation sits PCI DSS (Payment Card Industry Data Security Standard). Created by multinational corporations, it is enforced on merchants as a part of their terms of being allowed to accept credit card transactions. Organizations that cannot demonstrate PCI-compliance at an audit are subject to sanction even if no actual data leak has occurred. PCI's reach across international boundaries and its ability to respond quickly to change - it last extended its scope in October 2008 - makes it as important a security standard as any local or national legislation.
Cost
In addition to legal costs, organizations have to deal with the less tangible costs of recovery and commercial fallout, such as lost business, or withdrawal of credit card merchant status. All these costs have been rising steadily.
The dissolving perimeter and Web 2.0
As business has gone online and become vastly more mobile, the 20th century security strategy of protecting the organization's perimeter with firewalls, intrusion detection, and other similar tools has become insufficient. There are simply too many points of data entry and exit. While blocking the perimeter remains important, protection must focus on controlling access to the information.
This need is growing exponentially with the totally different perspective introduced by Web 2.0 users. This new "employee 2.0" workforce brings a mindset that is highly tuned to sharing information on social networking sites, posting to blogs, and emailing and IMing friends, with little or no regard to whether this is appropriate in a business context.
continued in part 2....
About the Author
This article was provided by Sophos. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
