Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Orthus publishes data leakage survey results

Orthus : 28 November, 2007  (Technical Article)
After 100,000 hours of monitoring, IT security firm releases the results of its comprehensive survey into the sources of corporate data loss
Orthus has published the results from monitoring over 100,000 hours of user activity captured through the delivery of their unique Data Leakage Audit Service.

Surveys completed in the last 12 months have looked in detail into the ways in which internal users access, process, store and transmit sensitive information including personal information, financial information, product roadmap and future product detail, contracts, pricing information and HR records.

The findings from the survey showed that every organisation without exception had suffered multiple instances of data leakage - many of them serious and potentially very damaging. The results clearly show that the threat from within is both real and continues to be overlooked. Trusted users are the most likely to be the source of information leaks.

The analysis of 100,000 hours of user activity pinpoints exactly who, where, when and how critical information assets are removed from the infrastructure and demonstrated that the real problem - and the solution - is all about the user.

Key results from the survey showed:.

* Corporate data leakage was most likely to occur through mobile devices with 68% of all events identified linked to mobile rather than fixed desktop systems.
* Information Technology and Customer Services Departments had the highest incidence of data leakage.
* Most incidents of data leakage occur during the extended working day (7-7 Monday to Friday).
* The applications most favoured by users to remove sensitive data were identified as web mail, instant messaging (IM) and social networking web sites.
* The top 4 data leakage vectors were identified as mobile devices, web mail, removable media and corporate email.
* All data leakage incidents identified could have been prevented. Existing corporate security policies were not implemented, monitored or enforced.

Richard Hollis, Managing Director of Orthus said "Companies continue to try and protect information by protecting the architecture deploying devices to protect devices. They neglect the protection of data".

Richard went on to say "Until organisations accept that the majority of losses are associated with authorised users and implement the necessary controls where they are effective - between the user and the information itself - these losses will continue".

The analysis of user interaction with critical information is accomplished through the deployment of software agents on endpoints, servers and terminal servers. The software visually records suspicious or inappropriate actions. Is information sent or copied to an unauthorised device (such as a PDA, MP3 player, USB flash drive or mobile phone)? Is it uploaded or transferred through an unauthorised application (IM or social networking sites)?

The software enables the identification of information loss through virtually every vector available to the user.

Each audit is customised to include keywords and phrases specific to the target organisation, as well as a list of files folders and shares containing particularly sensitive information.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo