The recent spate of data breaches against high-profile companies has not gone unnoticed by the IT security community. However, as a recent study showed, many security professionals haven't made the necessary moves to protect themselves from such threats.
The study, which surveyed IT security professionals at the 2011 Gartner Security & Risk Management Summit in Washington, D.C., found that 90 percent of attendees had at least discussed the attacks against Sony, Epsilon and others that occurred earlier this year. However, despite being aware of such threats, only 23 percent indicated that they have taken additional steps to ensure that similar incidents don't happen in their organizations.
Ron Gula, CEO of Tenable Network Security, which published the study, acknowledged that not every data breach requires companies to completely overhaul their data security policies. But these incidents do provide an opportunity to raise awareness throughout an organization about the dangers of exposing sensitive data.
"[W]ith record-breaking exposures like what we've seen this year, there's an opportunity for us to learn and to educate employees about the implications of a security breach and reinforce existing policies and information security practices," Gula said in a press release.
A study released earlier this year by the Ponemon Institute estimated that 90 percent of companies have suffered some form of security breach in the last year. This seems to indicate that data breaches are all but inevitable.
However, this does not mean that data security is hopeless. There are a number of steps a company can take to minimize the effects of a data breach and ensure that the business' reputation remains intact.
One approach is educating employees about the dangers of data loss. As the Tenable study discovered, nearly half of all survey respondents indicated their organization had suffered a breach stemming from an insider threat, be it malicious intent or just employee error. By implementing security policies that stress the importance of employee awareness and training, many of these insider breaches can be avoided.
Additionally, companies must be diligent in their approaches to data protection. This includes continuous monitoring and assessment of IT systems and strict policy enforcement regarding devices that may contain sensitive information, such as USB drives, mobile phones and tablets. By taking these simple steps, companies can greatly reduce the challenges and negative publicity that often accompany data breaches.