|
Information exodus: when layoffs mean data leakage |
|
|
|
|
| Written by Neil Sutton, on Tue-September-2009 |
Page 2 of 4
The fastest growing IT security threats are: unauthorized access of
data by employees; the prevalence of bots; and theft, often of laptops
or mobile devices that are left unattended or are improperly secured.
The biggest concerns, according to the Rotman-Telus report, are: damage
to brand reputation; time lost to cleaning up breaches; customers lost;
facing regulating action; and facing litigation.
Throwing money at the problem, i.e. increasing security budgets, can
help, says Alan Lefort, managing director of Telus Security Labs,
provided that money is invested wisely. According to the report,
Canadian companies best equipped to deal with security spent 15 per
cent of their IT budgets on it. The average is seven per cent, says
Lefort. At those levels, companies are struggling to keep up.
But money isn’t the only, or even the best remedy, says Lefort. There’s
a tendency to think that investing in IT security is enough to avoid
the potential pitfalls, and also a pervasive mindset that the biggest
threats are malware like viruses and Trojans. But that’s the “nuisance
stuff,” says Lefort. “It’s not the type of threat that has intent or
purpose.”
It’s targeted attacks aimed at specific data that organizations should
be mindful of. “A fundamental mindshift needs to occur,” he says. “You
can be a target.” Smaller companies may actually be more of a target
than larger ones because of perceived or actual weakness.
“Organizations need to come to terms with that. This is now the medium
of organized crime.”
There are steps that can be taken that would have minimal impact on
budgets but pay dividends when it comes to strengthening IT security.
Education of workforce and measurement of security objectives, for
example, are paramount when it comes to enforcing security, but both
are often glossed over by Canadian companies.
|
