UK Survey Released at InfoSecurity: Slurping a major risk
UK Survey released at InfoSecurity: Slurping a major risk
April 26, 2007: “End point security” - as the control of downloading information on to PDAs, iPods, laptops, flash drives and USB sticks has come to be known - is a major chink in the armour of organisations, according to a UK survey by GFI software.
After analyzing the responses of 370 UK companies, GFI announced at InforSecurity 2007 that 65% of companies underestimated the threat posed by removable storage media.
Although 49% of UK companies surveyed are concerned about data theft, 65% do not consider the use of these devices on their network to be a security threat. On the contrary, 71% are of the opinion that the use of portable storage devices is important or very important to the company's operations.
The problem for business is to strike a balance between the use of portable storage devices – seen as important to worker mobility and information sharing – and the security of corporate and customer information.
The major driver in the US for the adoption of preventative measures is legislation that obligates the organisation to report data breaches, which is the major source of additional costs.
In the UK last February, the Nationwide Building Society was fined £980,000 by the Financial Services Authority after details of nearly 11 million customers had been put at risk by an employee who downloaded the data from the company's network. The FSA found that the building society did not have adequate information security procedures and controls in place, potentially exposing its customers to an increased risk of financial crime.
In Australia, the Privacy Commissioner has raised the issue of introducing laws similar to California’s 1386 Bill, but no progress has been made.
GFI's research also shows that 28% have no idea if they experienced internal security breaches/data theft because of the uncontrolled use of portable devices.
Andre Muscat, director, network security products at GFI Software said, "Insider threats are growing and companies need to be more aware of this threat because the repercussions can be enormous," Mr. Muscat said.
Other findings include:
• 37% said it was their company's policy to monitor portable storage devices; only 22% had some form of hardware or software installed to control their usage on the network.
• 83 per cent of UK companies surveyed admit giving their employees USB sticks or PDAs, and that portable storage devices enabled mobile working (76%) and data sharing easier (61%).
• 29% actually log what data is transferred to and from the network.
• 99% said they had anti-virus, anti-spam and firewalls installed but 78% had no means of controlling the use of portable storage devices; only nine per cent said they had other security measures or products in place.