Data security enemy No. 1 – you looking at me?
Survey explores greatest threats, and why device encryption works only 45 percent of the time
- By Dan Rowinski
- Mar 31, 2011
Six million personal records are compromised every month, according to a recent survey by security company Absolute Software.
Lost and stolen personal computers lead to 40 percent of data breaches and 52 percent of network breaches, and mobile device endpoint management is becoming increasingly difficult for IT departments.
Geoff Glave, a product manager at Absolute Software, discussed the survey results and some of the challenges facing IT professionals in managing endpoint security during a presentation at the GovSec 2011 conference at the Walter E. Washington Convention Center in Washington, D.C.
The survey of IT enterprise professionals done by the Ponemon Institute in conjunction with Absolute Software found some interesting trends in the IT management ecosystem that could be quite disturbing to the security gurus in the office.
Of the respondents:
- 92 percent had reported a lost or stolen laptop.
- 56 percent had disengaged device encryption.
- 57 percent share or write down user passwords.
- Device encryption has been proven to be effective 45 percent of the time.
Glave’s presentation focused on “mobile” mostly with the idea that a laptop PC is a mobile device. There is a generational divide in the enterprise over the definition of “mobile computing.” Those under the age of around 35 tend to think of mobile as smaller devices – smartphones, tablets, netbooks, etc. Older IT managers' definition of mobile usually turns more to the PC side of the equation, with laptops.
Data ubiquity is creating more chances for breaches, as information gets passed from one device to another and back. For instance, Glave was using a PowerPoint presentation on his laptop, a device that can access his corporate data, and that data could end up on his BlackBerry only to be emailed back to the laptop or the corporate source. In classic military parlance – the more links in the chain, the weaker the chain will be.
The interesting stat is that encryption is proven effective only 45 percent of the time. In reality, it is usually not the device, software, kernel encryption or the over-the-air data transfers that result in breaches, Glave said. It is people. Laptops and smartphones are lost and stolen, with 86 percent of IT professionals reporting that they had a device lost, and 61 percent of those resulting in a data breach.
Of the most persistent threats facing IT managers, Glave gave six top examples:
- Malicious employees.
- Complacent, inattentive employees.
- Contractors and outside sources.
- Inability to effectively track computer assets in and outside the office.
- Insufficient IT security compliance, oversight, authority, and training.
- Pervasive computing – technology is everywhere, data on the move.
Of the list, five of the six are based on humans acting maliciously or negligently, which indicates that, although on-device security is important to protect against the hackers of the world, training and cognizance are the most important aspects when considering endpoint security management.