All the latest UK technology news, reviews and analysis
|
|
|
26 Oct 2009
Chief information officers from the public and private sectors have reported over 350 incidents of data loss to the Information Commissioner's Office (ICO) in the past year, it has been revealed.
A Freedom of Information request made to the ICO by business software vendor Software AG turned up 356 separate incidents, over 150 more than occurred in the previous 12-month period.
Most of the incidents involved portable computing devices, including 71 lost memory sticks and CDs, 127 stolen devices including laptops, and 24 incidents of data lost in transit by couriers, according to Software AG.
A further 78 incidents were characterised as "data disclosed in error", which could include misaddressed packages.
"Organisations are failing to learn from previous examples. They continue to gamble with sensitive data via risky transfers rather than implementing a robust infrastructure to ensure that information is moved securely," said Tim Holyoake, lead technologist at Software AG.
"Few data losses have occurred where organisations have invested in secure, electronic data transfer technologies. This begs the question of why chief information officers are not insisting on greater use of these solutions."
Latest stories from Privacy
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Software Engineer - Performance - Permanent - Cheshire...
Leading Financial Services Company requires experience...
TOM, Business Analyst, Loan IQ, Process, Risk, Operations...
ASP.NET Developer - MVC, JavaScript, MS SQL, CSS, HTML...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Tip of the iceberg
This news exposes the extent to which data loss has come to. With another two high profile breaches this week the security industry is taking yet another hammering by the press and each organisation?s customers by failing to adequately protect private records. It?s the tip of the iceberg as to the problem though - we?re more concerned about the number of breaches going unnoticed and unreported! At least these organisations acknowledged the breaches ? many companies don?t even monitor for or can?t detect such losses. Databases are always going to attract security attacks ? especially for identity theft given the type of information they hold. There?s a huge black market out there for personal data - bank account details sell for 5-10% of the account value and credit card data can sell for up to £30 per account. Take this and multiply by the 51,000 records at Zurich or the data for the 0.5 million CV?s at The Guardian, and whoever did this would have a pretty nice payday. It?s widely recognised that 100% prevention of these types of violations is very difficult, but organisations need to be even more vigilant in managing processes and procedures for protecting sensitive data and also monitoring access rights (and keeping on top of it ? a policy is great, but only if you maintain it!). They need to consider threats and attacks from both internal and external threats and protect all data copies, locations and platforms. It should be actionable in real-time to detect, alert and prevent. The need to preserve the confidentiality and integrity of data and monitor privileged user activity is driving CIOs and auditors to re-consider their strategy for database security and impose stringent controls across database systems. It?s critical they implement a workable, secure solution and that they not only act upon it, but that they maintain processes and stay up-to-date with patches and controls. Compliance demands it and the public expect it. Guy Churchward, CEO, LogLogic
Posted by: Guy Churchward, CEO, LogLogic 27 Oct 2009