|
Loss of confidential data doubles in two years |
|
|
|
| Internal breaches a growing security concern as information loss becomes more common |
| Written by Vawn Himmelsbach, on Tue-June-2008 |
Page 1 of 2
Even though there’s more awareness of cyberspace security threats, the loss of confidential information and intellectual property has doubled over the past two years.
According to the CA Canada 2008 Security and Privacy Survey, more than 20 per cent of organizations reported a loss of confidential information as a result of security attacks and breaches this year, up from 10 per cent in 2006, while loss of intellectual property doubled from eight per cent to 16 per cent.
“The nature of security threats is what’s changing,” says Renee
Lalonde, vice-president of CA Canada. In the past we saw a lot of
malware, phishing and keylogging attacks. Now we’re seeing an increase
in internal breaches, mainly from employees and ex-employees.
Five years ago, less than five per cent of survey respondents
identified internal breaches as a key security challenge – this jumped
to 30 per cent in 2006 and 33 per cent in 2008. Eighty-six per cent of
large Canadian organizations says they suffered an identified security
attack in the past 12 months, and of those, 17 per cent reported lost
revenue, customers or other tangible assets as a result.
“The adoption of an enterprise security strategy is very complex,” says
Lalonde. “It’s a maturing market and it’s an evolving market.”
Organizations are now focusing on where a breach is going to come from
– how to address it and how to keep their security strategy evolving.
And this is where an Identity Access and Management (IAM) strategy fits
in. IAM solutions are a key area of investment, according to the
survey, and 50 per cent of Canadian organizations not currently using
an IAM solution plan to roll one out within the next 12 to 18 months.
What that does, says Lalonde, is automate employee access privileges.
If an employee working in HR moves over to the marketing department,
for example, those HR access privileges need to be revoked and new ones
– based on the new role – activated. “It increases controls, it reduces
risk and makes them more secure in terms of protecting their corporate
data,” she says.
But IAM is not problem-free. Sixty per cent of survey respondents, for
example, felt that central management and enforcement of policies that
ensure audit and legal requirements was a problem for their
organization, while 59 per cent felt that the creation, enforcement and
certification of role-based access was problematic.
Securing the right budget is also paramount to an organization’s
success; 40 per cent felt that their security budget was too low, and
only 36 per cent felt confident they could protect their corporate data.
“There’s a lot of good work going on out there,” says Lalonde. “We just
need to continue with augmenting the strategies they’ve put in place.”
According to the survey, 70 per cent of companies have already adopted
some form of a security strategy. “We’ve seen that companies who invest
more certainly suffer less,” she says.
|
