|
A number of high-profile security breaches over the past year have drawn attention to the lack of security-preparedness at organizations of all shapes and sizes. But a study released Monday indicates just how widespread the potential damage may be.
The Ponemon Institute, a research body specializing in privacy, data protection and information security policy, released its 2009 Annual Study of enterprise encryption trends Monday. The study found that as much as 85% of U.S. organizations, from private corporations through to government agencies, may have been hit by one or more data breaches within the last 12 months. The number of companies experiencing more than five data breaches in one year rose 22%, up from 13% last year.
The study encompassed responses from close to 1,000 U.S.-based IT and security leaders and was conducted in cooperation with encryption technology vendor PGP Corp.
While the 85% figure is alarming, it should be noted that in 2008, the Ponemon study found 84% of organizations had reported at least one data breach in the previous 12 months. The overall message appears to be that organizations still aren’t getting the message when it comes to protecting their data, although they are paying it lip service.
One question asked by the Ponemon Institute it its survey was, what role does data protection play in your organization’s risk management efforts. For the first time since the study was initiated more than half - 58%, said it was very important. A further 22% said it was an important part of their organization’s risk management efforts.
Other key findings from the survey include:
• Encryption of data on mobile devices is high on the radar screen with 59% of respondents saying it was very important.
• More than 70% of organizations have executed or just launched data encryption strategies.
• Encryption was cited as being primarily used to protect data and mitigate breaches, but an increasing number of respondents said it was an important tool in preserving brand image and their organization’s reputation.
Unfortunately, some organizations have had to learn this lesson the hard way. In 2008 credit card payment processor Heartland Payment Systems suffered one of the largest data breaches reported to date. It will take some time for the company to wrap up the lawsuits it faces as a result of the breach, but it has taken steps to prevent breaches from happening again.
At the end of June the company announced it had completed the first step in a program to implement end-to-end encryption. The system encrypts data at the point of sale and transmits the data in encrypted form through to its central card processing platform.
Only registered users can write comments.
Please login or register. |
