It doesn’t have the panic-fostering ability of a massive worm or the intrigue of online espionage, but data loss is a very real and significant risk for any business organization. And if a data loss incident is serious and far-reaching enough, it can certainly grab and hold on to headlines. However, for many organizations, data loss prevention has typically been a “we’ll-get-around-to-it” item, at least beyond protecting any data that relates to a compliance measure, such as PCI DSS or HIPAA.
But after watching other well-known companies suffer embarrassing (and preventable) breaches that have affected millions of customers and damaged brand reputations, more organizations are beginning to understand the importance of proactively protecting their data.
The thought of insiders making mischief, particularly during the recent financial crisis, has many executives feeling nervous. They wonder what intellectual property and other sensitive data have slipped away with former employees because no one removed access rights or paid attention to whether employees had been collaborating via unsecure, online applications.
And what about mobile devices, like smartphones and laptops? Are employees using equipment supported or allowed by the enterprise strictly for business purposes? (The answer: probably not.)
Add the cloud to this list and consider that large portions of critical data are being sent outside of the organization—and out of its control.
As businesses make data loss prevention a higher priority, they quickly realize how complicated the process can be, and how securing data is only the tip of the iceberg. First, there's the challenge of figuring out what needs to be protected. Then the various “silos” must be convinced to coordinate and communicate. Finally, organizations must determine who (or what functional group) will be responsible for managing the effort, not to mention what technology solutions are available for protecting data and enforcing policy.
Protecting sensitive information is a complicated undertaking requiring dedicated resources, the active involvement of many stakeholders, and the support of technology. But it is a necessary process and, in the long term, could save your organization from brand damage, loss of business, and legal and financial repercussions brought on by a security breach committed by just one insider or hacker.
Excerpt from Cisco 2009 Annual Security Report: Highlighting global security threats and trends. Copyright © 2009 Cisco Systems, Inc.