Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Data leakage survey results available

Orthus : 04 December, 2007  (Technical Article)
IT department personnel responsible for majority of corporate data losses according to survey results
Orthus has released the results from monitoring over 100,000 hours of user activity captured over the last year through the delivery of their unique Data Leakage Audit Service.

The research analysed the ways in which users accessed, processed, stored and transmitted corporate sensitive information including personal information, financial information, and intellectual property. It identified which users were removing sensitive data, where they worked and exactly how and when it was removed. The results were surprising.

The findings showed that information technology (IT) personnel were responsible for an overwhelming 30% of all incidents of data leakage identified during the course of the year's research. The finding strongly supported the premise that trusted users are the most likely to be the source of information leaks.

The analysis identified exactly who and how sensitive information assets are removed from the corporate infrastructure providing time and date stamped visual evidence of these "data leaks".

The analysis identified that the following departments were responsible for the amount of data leakage identified:

* Information Technology Department - responsible for 30% of the incidents identified
* Customer Service Department - responsible for 22% of the incidents identified
* Other - (Non-Traditional Departments, third party and contractors) - responsible for 16% of the incidents identified
* Sales Department - responsible for 12% of the incidents identified
* Operations Department - responsible for 10% of the incidents identified
* Marketing Department - responsible for 6% of the incidents identified
* Human Resources Department - responsible for 2% of the incidents identified
* Legal Department - responsible for 2% of the incidents identified

Richard Hollis, Managing Director of Orthus said "The research proves the rule: that the higher level of access privileges - the greater the propensity for abuse. Companies need to address the insider as the primary threat to their business. Until this is done no real security can be achieved".

The research was accomplished through the deployment of software agents on endpoints, servers and terminal servers. The software visually recorded evidence of data being removed through unauthorised actions. The research for instance identified if and when sensitive information was sent or copied to an unauthorised device (such as a PDA, MP3 player, USB flash drive or mobile phone) or if it was uploaded or transferred through an unauthorised application (IM or social networking sites).

Each audit was customised to include keywords and phrases specific to the individual companies, as well as a list of files folders and shares containing particularly sensitive information.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo