At the CSO Interchange - a forum for chief security officers – held in London recently, 60 percent of senior security professionals present professed to having only "some idea" as to where their customer data is stored and "limited controls" over it.
Alarmingly, 9 percent of those present had not even yet considered data loss as a specific issue, although 72 percent see the impact of payment card loss on brand reputation as their biggest concern.
Speaking at the event, cross bench peer, Lord Erroll, a member of the House of Lords Science and Technology Committee, described the recent HMRC data breach as a "godsend".
"With luck the missing CDs have ended up in a landfill site but this fiasco will force the government to start taking security seriously and the powers of the Information Commissioner's Office will be strengthened," he said.
Philippe Courtot, chairman and CEO of Qualys and co-founder of the CSO Interchange added: "More than 70 percent of the security professionals attending CSO Interchange indicated that securing their networks and therefore the confidentiality of their electronically stored data is now harder than ever. The HMRC breach and other recent media stories are forcing this in to the open as a public issue. We must take these matters seriously and rethink the way security is provided online."
Managing risk was clearly seen as the biggest driver behind security strategy and executives know they need to improve at this. Half of those surveyed felt they could do better at articulating the impact of risks within their organisation as well as the impact of mitigating them financially.
There was clear recognition too for the risks posed by insiders within their organisation - with 75 percent citing this as greater than the risks from outsiders.
Lost HMRC data sounds wake up call for security pros
By Clement James on Dec 11, 2007 7:03AM