Despite data breaches, data security remains a low priority for many companies

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.internetretailer.com/2014/06/24/data-security-remains-low-priority-many-companies

While high-profile thefts of customer data from large retailers like Target
Corp. and The Neiman Marcus Group Inc. have garnered headlines, they
largely have failed to lead e-retailers and other companies to bolster
their security procedures, according to a new report by Ponemon Institute
LLC. The report was commissioned by Informatica, which sells software and
services aimed at helping companies organize their data.

The report, “The State of Data Centric Security,” is based on a survey of
1,587 information technology executives whose jobs involve protecting
sensitive or confidential data. The participants came from 16 countries.

Only 51% of respondents say that securing or protecting that data is a
“high priority” within their company.

That’s despite 72% of respondents saying their company suffered a data
breach within the previous 12 months. Among those who suffered breaches,
58% say that the incident could have been avoided with more effective
security technologies and 57% say they wished they had had more skilled
personnel with data security responsibilities.

79% of respondents say that not knowing where sensitive and confidential
data resides is a serious security risk facing their companies, and 59% of
retail respondents say that not knowing where sensitive is located “keeps
me up at night.”

The problem with many retailers’ processes is that too many employees can
access sensitive data, which they may then be able to export out of the
company’s network to software hosted by outside companies, such as
cloud-based customer relationship management programs, says Julie Lockner,
Informatica’s vice president of marketing and business development.

“Those decisions are made outside of I.T. and I.T. might not even know
about it,” she says. “And once it’s out there, getting it under control is
like herding cats.”

She suggests using tools like policy workflow automation that alert I.T.
when an employee is trying to copy sensitive data.

“Retailers have a ton of data classified as customer data that everyone
wants for analytics,” says Lockner. “But to be safe, retailers need
processes to avoid having that data proliferated outside I.T.’s control.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!