Varonis Privacy and Trust Report

April 26, 2013

Even in an age of social media and voracious over-sharing, there are still times we need privacy online. When we engage in old-fashioned point-to-point communication, we expect the person or business at the other end to ensure that our interactions remain private. But it’s complicated.

In a new study conducted by Varonis, 91% of respondents say they trust businesses to keep their data safe despite a rise in breaches that now affects nine out of ten companies. In addition to expecting absolute security from service providers, the survey shows that 53% of consumers would be willing to pay a premium for organizations that reliably protect their data.

At the same time, consumer online habits have room for improvement. Though almost three out of four password-protect their mobile phones, an alarmingly high 67% say they send unencrypted personal information in their emails.

Download the full report to learn how consumers deal with security and privacy challenges in their digital lives.



A hacker’s dream: two-thirds of SharePoint users have no security policy

February 28, 2013

Even though Microsoft SharePoint is widely deployed throughout enterprises and SMBs as a collaboration platform, a shocking two-thirds of SharePoint-using companies in a recent survey have admitted to having ‘no active security policy’ in place for the application.

The situation translates to a smorgasbord of opportunity for a hungry information-hijacker, but one which could soon turn into an all-you-can-eat buffet. The study, carried out by Emedia and provided to Infosecurity on an exclusive basis, investigated a wide range of businesses from 25 through to 5000+ PC users. The study found that while about half (52%) of those surveyed were currently using SharePoint, the other half planned to adopt the application once its social networking enhancements were live.

“This is a data leakage time bomb,” said security specialist and UK Accounting Standards Board member Steve Bailey. “SharePoint is a very widely-used medium, and it’s growing fast, so it is remarkable that IT-savvy users are disregarding the security implications. This could be down to complacency, confusion as to where the responsibility for developing such a policy lies, or simply lack of awareness.”

Whatever the root cause, he noted that in many organizations, SharePoint use has grown organically to “become part of the fabric of the business without being subject to mainstream security controls.”

The employees themselves are part of the problem, but how to implement an IT policy that makes sense is a conundrum for many IT professionals – contributing to the lack of IT policy.

“Banning data sharing is not the solution – that’s both impractical and undesirable,” said Martin Sugden, CEO at Boldon James, which sponsored the study. “In fact, refusing to share data is inefficient and potentially dangerous. What’s important is striking the balance between the need to protect information and the need to share it.”

The survey concluded that a protective marking solution for labeling the data’s level of sensitivity needs to be implemented. Many government agencies use protective marking to minimize inadvertent disclosure of confidential information, while commercial organizations employ protective marking to control intellectual property or information containing customer data.

By clearly identifying sensitive information using a classification solution, it becomes easier to ensure that access control methodology is correctly connecting the right users to the right data, Sugden noted.

Yet the study discovered that 65% of respondents are not yet marking any of their data. A very low 9% of respondents said they protectively mark all emails, and the same percentage said they do the same for all documents. Only 17% of respondents said they mark all email and documents.

“When you consider that hundreds – and even thousands – of users could be accessing your SharePoint server, it makes sense to have a solid SharePoint security policy in place,” added Sugden. “[SharePoint] is a superb tool for creating routes into your data, but you can’t let your user group have unfettered access to data without giving them some method of understanding how sensitive it is – that’s why you have to label.”

Steve Bailey warned, “Any business that relies on SharePoint to store sensitive or confidential data should always ensure that its users understand their responsibilities for the safe handling of that information. With the advent of BYOD this extends to employees and associates.”

He cautioned that recent high-profile breaches should serve as object lessons. “Otherwise we’ll have more examples such as the Police email that, according to the [UK's] Information Commissioner’s Office (ICO) ‘contained 863 pieces of personal information’. Police accidentally sent the email containing the results of 10,000 checks with the Criminal Records Bureau (CRB) to a reporter when a staff member copied the wrong person into a message.”

Thanks to http://www.thethreatvector.wordpress.com


Ernst & Young’s IT Security Survey Highlights

October 31, 2012

Many CIOs and chief information security officers are struggling to adapt security practices to a changing environment that includes cloud computing, social media and tablets, according to a survey of 1,850 such IT pros.

The Ernst & Young 2012 Global Information Security Survey published today found cloud computing to be one of the main drivers of business model innovation and IT service delivery, with 59% of respondents saying they use or plan to use cloud services. But 38% admitted they have not taken any measures to mitigate risks.

Use of social media in business is prevalent, but 38% of the CIOs and CISOs surveyed say they don’t have a coordinated approach to address risks, such as defending the organization’s brand or determining how employees use work time to engage in social media.

The Ernst & Young survey indicated that 31% of respondents said they saw an increase in the number of security incidents compared to the previous year.

Another technology game-changer, use of mobile devices, such as tablets and smartphones, is compelling “policy adjustments,” according to over half of these IT professionals who hail from the financial industry, insurance, high-tech, government, and various industrial, retail and utility sectors from all around the world.

More than one-third say that company-owned mobile devices have been adopted but use of personal devices is not allowed for business. The survey found that 36% have acquired mobile-device management software and 31% now have a “governance process to manage the use of mobile applications.” Encryption plays a central role for 40% of CIOs and CISOs surveyed.

In terms of budgets for the next 12 months, 30% said they expect information security funding to increase from 5% to 15%, while 9% of respondents anticipate a budget increase of 25% or more. Security budgets are expected to remain the same for 44%. About a third said they spend at least $1 million per year on information security.

Just over half said the area of highest priority for them is business continuity, including management and disaster recovery. But one surprise, the report states, is that the second-highest priority is “a fundamental redesign of their information security program.”

This appears to reflect the security gaps that these CIOs and CISOs acknowledge exist in their organizations as they adopt cloud computing and tablets. 55% said they plan to spend more to secure new technologies, while 63% acknowledged that they felt they had “no formal architecture framework in place, nor are they necessarily planning on using one.” The Ernst & Young study indicated these IT professionals may feel they have “a patchwork of non-integrated, complex and fragile defenses” that creates gaps in their security.

Those that did have a defined security architecture pointed to the Open Group Architecture Framework, the ANSI/IEEE 1471:ISO/IEC 42010 standards, and other references such as defense department frameworks defined in the U.S. and the United Kingdom.

A major complaint from 43% of respondents is that they can’t find the right people with the right skills and training to handle information security jobs. And when asked what threats or vulnerabilities have most increased risk over the last 12 months, the answer at the top of the list was “careless or unaware employees,” followed by “cyber attacks to steal financial information.”

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com.
Read more: http://www.pcadvisor.co.uk/news/network-wifi/3407599/ernst-youngs-it-security-survey-shows-struggle-control-cloud-computing-social-media-mobile-risks/#ixzz2Arf70Dov


The State of Data Protection [INFOGRAPHIC]

September 28, 2012

In the age of big data, businesses are creating, processing, storing, and sharing information at an alarming rate. A significant amount of the data is highly sensitive or confidential and should be properly safeguarded. It’s unnerving to think about the possibility of our own personal information sitting on servers, possibly unencrypted and open to everyone.

We hope that companies are complying with SOX, HIPAA, PCI, and other regulations but, as we know, hope is not a strategy – so we decided to take a hard look at the current state of data protection.

In March of 2012 we surveyed over 200 individuals in the IT community, asking about their current data protection practices and confidence levels, and how data protection practices correlate with data protection activities.

The results may surprise you. While over 80% reported that they store data belonging to customers, vendors, and other business partners, only 26% reported being very confident that data stored within their organization is protected.

Enjoy, share, embed our infographic and download the full report to learn which data protection activities truly matter.
