With the economic gloom worsening, the imperative for any organisation is to rein in the bottom line and cut costs.
Many organisations are responding by trimming their workforce. Not all will face problems, but a recent survey by the Department for Business Enterprise and Regulatory Reform found that the cause of the worst security incident suffered by 62 per cent of respondents was internal to their organisation, compared to 32 per cent in 2006.
The cause in these cases could have been an inadvertent error or a malicious act by a disgruntled employee, but either can lead to sensitive information such as employee or customer lists being compromised.
Where a security breach leads to the leak of personally identifiable information, it is not only individuals who may be harmed. Corporate reputations can be damaged, and many of the regulations with which organisations must comply have real teeth and enforce severe penalties on those organisations that have failed adequately to protect sensitive data.
For example, the Payment Card Industry Data Security Standard requires organisations that handle credit card transactions to restrict access to the credit card data. In addition, regulations regarding the notification of security breaches are becoming more widespread, and further legislation is expected soon from the European Union.
Information stored electronically is said to constitute as much as 90 per cent of the data produced by the average organisation today, and can be stored in any number of places from structured repositories such as databases and directories, to folders stored on individual devices.
In order to protect that information from being compromised, an organisation must put processes in place to ensure that it knows who is accessing what data with which applications and when.
However, computer networks are becoming increasingly porous, and the perimeters harder to define, as the number of users and types of devices connected to the network continues to grow.
Mobile technologies are now commonly used to access the network remotely, and such devices often come with large information storage capabilities, making it easier for data to be misappropriated or just handled carelessly.
And many more devices are becoming IP-enabled, including VoIP phones, physical access control systems, building automation systems, cash registers and many industrial devices.
To prevent data leaks, organisations need to ensure that access to these disparate systems is controlled, especially where they are being opened up to access by external agencies or third-party business partners.
With this in mind, the onus is on organisations to develop an enterprise-wide risk management strategy, encompassing good standards of corporate governance and regulatory compliance, and with an emphasis on identity and access management, vulnerability control and intrusion prevention. So how can this be achieved?