Better incentives required to stop data loss

By on

Organisations do not know enough about the source, reason and frequency of data leaks, and more incentives need to be put in place to encourage better data protection, according to a panel discussion at the Infosecurity Europe show in London.

Data losses are still a regular occurrence, and IT managers often have no idea about the scale of the breach, or whether it is accidental or intentional.

Lord Errol, one of the panellists, believes that this issue is compounded by recent job cuts across all businesses, which can add to what he calls the " fraud triangle" of pressure, opportunity and rationality.

He added that the punishments for data losses, both to individuals and organisations, are simply not strong enough, and that the current structure provides no real incentive for the effective prevention of data loss.

Lord Errol admitted that he was not sure of the best form of punishment, be it imprisonment, community service or higher fines, but stressed that the current low conviction rates and small fines are not much of a deterrent for cyber criminals or businesses.

Julia Harris, head of information security at BBC Future Media & Technology, agreed with Lord Errol's comments, adding that even the best policies will often be broken when an employee is under pressure to deliver. She added that it is imperative to make sure that best practices and policies are robust, effective and easy to follow, otherwise they will simply be ignored.

"Don't trust internal networks any more than the internet," Harris said. "In these days of huge global networks, remote working and increased interactivity, it is imperative to move controls closer to the data."

She concluded that IT security is often perceived as a necessary evil, and that the current economic crisis means that budgets are under increasing pressure. So it is important to get the backing of senior management to make sure that data security is not neglected or discarded.

Dan Blum, senior vice president and principal analyst at Burton Group, pushed for the development of more uniform cyber security laws, the implementation of proper privacy checks and balances, and more co-ordinated enforcement and response.

"We need to take a more tactical approach to protecting our data," he said. "For instance, encryption is great but trying to encrypt every bit of data in the entire business is like trying to boil the ocean, or at least a very large lake."

Incidents over the past 12 months have shown that human error has a major part to play when it comes to sensitive information being lost.

It is often the most junior member of staff who is given the "boring" job of back up, but this should no longer be the case given the strategic importance of sensitive data to the majority of businesses.

The panellists' comments were echoed by Alastair Molyneux, business development manager at data protection firm Kroll Ontrack.

"Companies often find it impossible to quantify the value of data within the organisation, and as such they need proper procedures for safeguarding information that are both robust and reliable. While cutbacks may have to be made, this should never result in exposure to unnecessary risk," he said.

"Ultimately, data protection policies should be uniform across an entire business, independent of the individual who is given the responsibility. This is the only way to ensure the best possible defence."

Copyright ©v3.co.uk
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?