Most security threats come from inside organizations, but many violators don’t even realize they are doing something wrong, according to speakers at a panel discussion on data loss prevention.
In a recent user survey conducted by IDC, 56 per cent of respondents said e-mail was a source of confidential e-mail leaks.
Brian Burke, IDC’s program director for security products, presented the survey results during a Webcast Thursday, dubbed Back to School for DLP Education, hosted by Symantec Corp. of Cupertino, Calif.
More than a third of respondents identified Web mail or posts to Web sites as sources of breaches, while 19 per cent cited iPods and other devices that plug into USB ports.
“Three or four years ago companies simply did not know, didn’t have visibility to the fact that employees were committing these errors,” Burke said. “The fact that they’re actually aware of it now and they see it as a major driver signifies a major shift in the level of knowledge out there that this insider threat really exists.”
“We’re concerned about patient data going across an HTTP connection – it’s not even an HTTPS connection – and getting posted to Google, out of our control.”
Rivers said another major concern is the prevalence of U.S. social security numbers used on patient records.
“We have widespread use of social security numbers throughout the health care industry,” Rivers said, adding her company also gets confidential information about employees from firms over e-mail.
“The employers are often small, they don’t have the compliance background that we have and they don’t have the tools in place to send data securely, or they don’t use the ones they have,” she said.
Transmitting confidential information over the Web is also an issue for First Advantage Corp., a Poway, Calif., firm whose services include background checks on prospective employees, including court records, employment history, liens and judgements.
“The biggest challenge we have is our company is we process a lot of personally identifiable information, whether it’s background checks, credit checks or drug testing for large employers,” said Kam Golpariani, First Advantage’s vice-president for security risk management. “We do everything we can to protect our customers’ data and we have to consider every type of device or system or exit point within our environment to have a good grasp on it overall.”
Although regulatory compliance was cited as important by most respondents to IDC’s survey, protection of intellectual property was also a major driver for DLP technologies.
“We’ve talked to a company that makes wall board,” Burke said. “We talked to a company that makes toilet paper, and these guys are very concerned about their intellectual property – how their product gets put together, design schemes, research plans and things of that nature.” The potential for data leaks through USB ports is real, Burke said.
“I have a 30 GB iPod,” he said. “I could download the entire IDC research database and still have room for Desperate Housewives.”













