A leaky system for protecting data
A recent survey of security professionals by the RSA Conference found that 29 percent had lost or exposed customer or employee data, but only 11 percent of respondents had publicly disclosed the loss. The survey results do not indicate how many of those incidents involved personally identifiable information that is required to be reported in many states. But given the results, it's a safe bet that the amount of exposed information is greater than officially reported.
The problem has gained a high enough profile that it now has its own euphemism: data leakage. It was the most common worry in the survey, with 49 percent of respondents listing it as their primary concern. It is probably no coincidence that lost or stolen devices, a common way of leaking data, was listed as the top security challenge by the same 49 percent of respondents. Employee errors and education came in a close second.
Forty-four percent of respondents also are worried that budgetary constraints raise the likelihood that, at any given time, a disproportionate amount of available resources will go to the threat du jour at the expense of other ongoing threats. This might be good for data leakage, but there still are a lot of boxes out there that must be patched and updated.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.