Slashdot Mirror


Most Companies Admit Their Data Is At Risk

Weblver1 writes "A recent survey of IT professionals published by web security firm Finjan shows that data-theft should be a good reason for concern. Based on answers from 1,387 professionals, 25% acknowledged that their organization has been breached. What's worse, 42% did not know and could not exclude a breach, reflecting on the number of organizations that could potentially be breached without anyone knowing after the fact. Other findings we should be concerned about include 82% of Healthcare IT respondents admitting that medical records are at risk of data-theft, and 68% of all sectors admitting sensitive corporate information can be compromised by cyber-criminals. Finjan's report is available here (PDF, registration required). This survey comes a week after Forrester Research found in their survey that IT security spending is expected to rise (or at least remain the same) — with the current level of data breaches and sensitive data that is not protected well enough, there is a good reason for it."

6 of 60 comments

  1. Could not exclude a breach by Anonymous Coward · Score: 2, Insightful

    Wouldn't a completely honest answer to this question be "yes" 100% of the time for even the best security?

    I like that kind of paranoia in security people. I'm glad 42% answered yes and hope to get those numbers even higher in future.

  2. Do you trust me? by BadAnalogyGuy · Score: 4, Insightful

    Do you trust the people you work with? Any individual in any business can access all sorts of material information.

    Maybe it will be leaked to someone outside. Maybe it will be inadvertently passed in an email reply. Maybe someone will break in and steal an unguarded laptop.

    There is no way to protect any data. The medical records everyone cries over are already shared with your doctors. Do you trust their secretaries? Do you trust the software makers and the maintenance/service engineers who come to diagnose software problems?

    There is no privacy, and there is no secret information. There is only information which has not yet been leaked. And your only hope is that any information that is leaked is already moot by the time it becomes public.

  3. And 33% think they are immune? by nmos · Score: 4, Insightful

    Personally I'd be more worried about the other 33% who seem to think they could not possibly have had their security breached.

  4. Well, duh. by julesh · Score: 3, Insightful

    25% acknowledged that their organization has been breached. What's worse, 42% did not know and could not exclude a breach

    No, that's not worse. That's _better_. Those 42% are being realistic. Realistically, unless you're one of a tiny percentage of people who either (a) receives so little traffic they can audit it all or (b) can be 100% certain of the security of all the software they're running, you should be in one of those two categories: breached, or don't know whether you've been breached but can't exclude it.

    What's _actually_ worrying is that 33% of respondents think they are in one of these two categories, when in actual fact I'd suspect the figure is less than 1%.

    (FTR: my company is in the 'breached' category. We had a worm infect one of our servers via a BIND bug back in 2000 or so, although the infection was apparently unsuccessful... it seemed to rely on there being a line feed on the end of the last line of /etc/inetd.conf, and our file didn't have one. I can't, obviously, rule out any breaches since then, but am reasonably confident there haven't been any.)

  5. the possible and the probable by petes_PoV · Score: 2, Insightful

    Everything's at risk - the question is: how much risk and do these risks justify the benefits (of leaving things as they are), or should money be spent on reducing the risks.

    Until someone can quantify these risks, the whole survey is pointless. Although it does make a nice, juicy headline for the innumerate masses.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons

  6. Would they even know? by khasim · Score: 3, Insightful

    For industries that aren't feeling those pressures, sometimes breaches of security will motivate them.

    From TFA:

    25% of the respondents reported that their data had been breached, with an overwhelming 42% of respondents who could not exclude the possibility of a breach

    I'd be more interested in those who DID believe they could spot a cracker after the fact.

    I'm not talking "what's this daemon running on my server" or "why are all these warez on my server".

    I'm talking someone cracking your server and copying your data last year. Without installing anything that could be traced.

    There are very few people who really know that their systems have not been cracked. And those people would be the ones who would be instantly aware if they were cracked tomorrow.

    I'm fighting with our programmers right now about how they should put confidential information on our website. They want to link from the website in our DMZ to the database server behind our firewall. So anyone who can crack the webserver has a direct line to our database server.

    But all of the other approaches are "too hard" or "too time consuming".