
US Commercial Data Security reaches crisis levels

Application Security : 10 December, 2009  (Technical Article)
With misplaced spending priorities, database audit failures and poor control over data protection, American businesses are losing their grip on data control
Application Security has announced the results of its 2009 "Database Security and Compliance Risks" survey with Enterprise Strategy Group. The study profiled 175 enterprise organizations, and the statistics revealed that enterprise organizations have reached a crisis state in database protection.

This study reveals that 60% of organizations don't feel their existing database controls adequately protect their organization's confidential data. In addition, the data reports that nearly 70% of organizations do not feel that their existing database controls are well-defined, indicating that over two-thirds of organizations lack an adequate plan and approach to protect confidential data.

The survey reveals that despite the fact that over two-thirds of organizations are spending moderate to significant amounts of time writing custom scripts, remediating compliance issues, and engaging in associated tasks, 38% of organizations still failed database security audits. The study further reveals the troubling statistic that less than 4% of IT budgets are spent protecting the data where it lives - in the database.

"We're at war with the cyber criminals and clearly we are not winning," said John Ottman, president and CEO, Application Security, Inc. "2009 saw a sevenfold increase in records breached, and our research is an acknowledgement by enterprise IT security executives that we are in the midst of a crisis."

"This year's data reflects increased risk to the enterprise database, and a clear lack of understanding of what it takes to protect confidential information," said Jon Oltsik, senior analyst, Enterprise Strategy Group. "Organizations must establish clear controls for database protection and consider re-prioritizing security budgets."

Additional key findings:

* Only 37% of organizations feel they meet compliance standards relative to protecting their company's information.

* Respondents reported that failed audits largely stem from the lack of an effective access control policy, reporting/audit process issues and multiple technology issues.

* Internal audits and Sarbanes-Oxley audits top the list of the types of security audits organizations are failing in 2009. The 2008 survey demonstrated that respondents reported higher failure rates for PCI, HIPAA, GLBA and FISMA audits.

* Over half of enterprises surveyed cite budget constraints as an issue impacting their ability to protect their database systems - an indication that the economy is still playing a role in this growing problem.

* The two leading root causes of data breaches cited were human error (53%) and external attacks (34%).