[Dataloss] 'Off-Network Data' Is Major Security Threat For Companies

security curmudgeon jericho at attrition.org
Fri Aug 24 15:30:55 UTC 2007



---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>

http://www.informationweek.com/news/showArticle.jhtml?articleID=201801989

By Sharon Gaudin
InformationWeek
August 23, 2007 01:38 PM

A new study shows that 73% of companies have had a data loss in the past 
two years, but they've made only limited efforts to shore up their 
defenses and their protect data.

The study [1], which is being presented today at Harvard University's 
Privacy Symposium, reported that the majority of companies put their data 
at risk when devices like laptops and portable storage devices leave 
company walls.

"Protecting data that is stored on devices outside the confines and 
control of the corporate network is a problem for which many companies 
simply do not have a solution," said Larry Ponemon, founder and chairman 
of the Ponemon Institute, in a statement. "Our research shows that, while 
most companies recognize the risk off-network data poses, few seem to have 
a grasp on how to manage the many challenges off-network data present to 
maintaining a strong data security program, and many do not even have a 
policy to address the situation."

According to Ponemon, the study showed that 62% of those surveyed said 
they are unsure if their off-network equipment contains unprotected 
sensitive or confidential information, while 39% do not view managing this 
equipment as a critical security step.

With recent security breaches at the likes of Boeing, the Veteran's 
Administration and the FBI making headlines, Ponemon reported that 70% of 
data breaches result from the loss of equipment that leaves the confines 
of the corporate environment and either heads out on the road with mobile 
workers or home with teleworkers.

And it's possible that the numbers are worse than reported since 30% said 
they would never detect the loss or theft of confidential data from 
off-network equipment.

[1] http://www.redemtech.com/ponemon-study.aspx


More information about the Dataloss mailing list