OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] 'Off-Network Data' Is Major Security Threat For Companies

From: security curmudgeon (jerichoattrition.org)
Date: Fri Aug 24 2007 - 10:30:55 CDT


---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.informationweek.com/news/showArticle.jhtml?articleID=201801989

By Sharon Gaudin
InformationWeek
August 23, 2007 01:38 PM

A new study shows that 73% of companies have had a data loss in the past
two years, but they've made only limited efforts to shore up their
defenses and their protect data.

The study [1], which is being presented today at Harvard University's
Privacy Symposium, reported that the majority of companies put their data
at risk when devices like laptops and portable storage devices leave
company walls.

"Protecting data that is stored on devices outside the confines and
control of the corporate network is a problem for which many companies
simply do not have a solution," said Larry Ponemon, founder and chairman
of the Ponemon Institute, in a statement. "Our research shows that, while
most companies recognize the risk off-network data poses, few seem to have
a grasp on how to manage the many challenges off-network data present to
maintaining a strong data security program, and many do not even have a
policy to address the situation."

According to Ponemon, the study showed that 62% of those surveyed said
they are unsure if their off-network equipment contains unprotected
sensitive or confidential information, while 39% do not view managing this
equipment as a critical security step.

With recent security breaches at the likes of Boeing, the Veteran's
Administration and the FBI making headlines, Ponemon reported that 70% of
data breaches result from the loss of equipment that leaves the confines
of the corporate environment and either heads out on the road with mobile
workers or home with teleworkers.

And it's possible that the numbers are worse than reported since 30% said
they would never detect the loss or theft of confidential data from
off-network equipment.

[1] http://www.redemtech.com/ponemon-study.aspx
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml