AUSTRALIAN ENTERPRISE ADMIT INFORMATION SECURITY IS OUT OF CONTROL
Workshare-sponsored survey cites email, portable USB devices and lack of policy enforcement as biggest risks for data leaks
Sydney; August 31, 2006 Australian enterprises and government agencies are exposing their information to potential data breaches, according to a new, independent survey of senior security and risk professionals.
The survey reveals many organisations are failing to implement automated safeguards to enforce information security policy and prevent inadvertent disclosure or malicious misuse of customer, investor, employee and other information. Furthermore, few have automated processes to educate computer users about information security policies. Work email and portable USB devices were cited as representing the biggest threats to information security.
No control around information security
- Fewer than one-third (26%) of respondents at the 50 Australian enterprises surveyed believed they had their information security under full control.
- Australian security strategies remain preoccupied with the prevention of hacking and other unwanted network attacks. Only 44% of businesses automatically enforced information security policy compared with 84% that had solutions to protect their corporate network perimeters. The findings should urge businesses to refocus their energies on threats generated from within their own organisations.
Why have policies if theyre not enforced?
- Information loss is unanimously seen as critical. 72% of businesses indicated they are concerned with losing financial information, while 83% are concerned with disclosing customer data.
- Far too many organisations are setting policies based on blind faith, relying heavily on the trust and integrity of their employees alone. 72% of businesses expressed confidence in security policy being followed by their employees, leaving information security prone to human error.
Security strategies fail to meet business needs
- Only 30% of respondents had any form of automated policy monitoring or user education in place, despite many organisations being concerned about disclosing their customer data.
- Only 16% of security professionals interviewed were very confident that security policies were being followed.
How is information leaking?
- 66% of respondents cited work email as the biggest risk to information security and 62% considered portable devices such as USB keys a major risk.
- The ease with which email and portable devices can be accessed by employees highlights the importance of automated control over information.
[Please refer to the Notes for Editors for a list of recent data breaches at Australian and international organisations.]
Commenting on the findings, Ms Samia Rauf, Director of Worldwide Corporate Marketing for Workshare, said, It is clear that the Australian business community and government agencies are highly sensitive to the importance and consequences of information leaking outside their organisations as there have been many publicised incidents recently. However, organisations are struggling to enforce and validate processes and policies that will help them to prevent data breaches. Information leaks are not new and it is now time for Australian businesses to wake up and do something about it. Lack of awareness is no longer an excuse preventing financial loss and damaged reputation is crucial to survival in todays extremely competitive world.
The Australian survey findings concluded that private sector and government organisations must adopt automated processes to enforce information security policy if they are to assuage concerns and reduce risk.
Supporting graphics are available by emailing workshare@bmcd.com.au
About the survey
The Blind Faith: An insight into Information Security survey was conducted in August 2006 by Loudhouse Research, an independent research consultancy based in the UK. Commissioned by Workshare, the report petitioned 50 security and risk professionals in organisations of 1000+ employees in Australia. All respondents in the survey were responsible for information security, risk or compliance. Interviews were conducted via telephone using a Computer Assisted Telephone Information (CATI) system across Australia. The survey sampled organisations in the Financial Services, Retail, Public Sector and Business Services sectors.
Notes for Editors:
Recent examples of data leaks and privacy breaches of confidential information and their outcomes include:
- Australian Tax Office sacks 27 staff for privacy breaches Aug 06
- Centrelink sacks more than 100 staff for 790 cases of privacy breaches Aug 06
- Verizon reveals it inadvertently disclosed the customer details of 7,000 customers Aug 06
- AOL CTO quits and others sacked for privacy breach Aug 06
- US Department of Veteran Affairs leaks the data of 27 million American July 06
- Texan insurer CS Stars leaks details of 540,000 insurance claim recipients July 06
- Google market capitalisation drops US$4 Billion Mar 06
- SMIC loses face following results leak Feb 06
- Choicepoint fined $15M for loss of customer data Jan 06
- Westpac results leak incurs AUD$500k fine, 1-day trading suspension and share price fall of AUD$0.07/share December 2005
About Workshare
Workshare, an Information Security company, delivers Secure Content Compliance solutions to over 5,500 organizations worldwide. Workshare solutions uniquely combine policy enforcement, management control and user education to ensure safe information exchange without business disruption. Its products include Workshare Protect Enterprise Suite, Workshare Professional, DeltaView and TRACE! Workshare’s customer base spans small to large organizations in every industry segment with more than 58 percent of the Fortune 1000 and 85 percent of the ProServices 250. Over 900,000 professionals in 65 countries use Workshare software. The company has offices in San Francisco, New York, Chicago, Atlanta, Dallas, Washington DC, London, Frankfurt, Paris and Sydney. Workshare is the sponsor of www.metadatarisk.org, the definitive source for content security. For more information, visit www.workshare.com.
