Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Data leakage survey results available

Orthus : 04 December, 2007  (Technical Article)
IT department personnel responsible for majority of corporate data losses according to survey results
Orthus has released the results from monitoring over 100,000 hours of user activity captured over the last year through the delivery of their unique Data Leakage Audit Service.

The research analysed the ways in which users accessed, processed, stored and transmitted corporate sensitive information including personal information, financial information, and intellectual property. It identified which users were removing sensitive data, where they worked and exactly how and when it was removed. The results were surprising.

The findings showed that information technology (IT) personnel were responsible for an overwhelming 30% of all incidents of data leakage identified during the course of the year's research. The finding strongly supported the premise that trusted users are the most likely to be the source of information leaks.

The analysis identified exactly who and how sensitive information assets are removed from the corporate infrastructure providing time and date stamped visual evidence of these "data leaks".

The analysis identified that the following departments were responsible for the amount of data leakage identified:

* Information Technology Department - responsible for 30% of the incidents identified
* Customer Service Department - responsible for 22% of the incidents identified
* Other - (Non-Traditional Departments, third party and contractors) - responsible for 16% of the incidents identified
* Sales Department - responsible for 12% of the incidents identified
* Operations Department - responsible for 10% of the incidents identified
* Marketing Department - responsible for 6% of the incidents identified
* Human Resources Department - responsible for 2% of the incidents identified
* Legal Department - responsible for 2% of the incidents identified

Richard Hollis, Managing Director of Orthus said "The research proves the rule: that the higher level of access privileges - the greater the propensity for abuse. Companies need to address the insider as the primary threat to their business. Until this is done no real security can be achieved".

The research was accomplished through the deployment of software agents on endpoints, servers and terminal servers. The software visually recorded evidence of data being removed through unauthorised actions. The research for instance identified if and when sensitive information was sent or copied to an unauthorised device (such as a PDA, MP3 player, USB flash drive or mobile phone) or if it was uploaded or transferred through an unauthorised application (IM or social networking sites).

Each audit was customised to include keywords and phrases specific to the individual companies, as well as a list of files folders and shares containing particularly sensitive information.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo