A survey by Verizon Business has found that many firms around the world are injecting cash into the wrong areas of data security, resulting in deficiencies and significant exposure.
Over 40 per cent of spending on data security is allegedly wasted, according to the report, due largely to excessive investment in certain areas at the expense of lax security in other, more at risk portions of a business’ IT systems.
Internally instigated data loss is a growing concern for many businesses, and this is an area into which significant funding is being directed, but only 11 per cent of recorded data losses originate from internal sources, Verizon’s Peter Tippett told Computer Weekly.
Employees play a role in about a fifth of all data loss incidents, but experts believe that the most serious and frequently occurring thefts are carried out by a mixture of internal and external sources, and that carefully monitoring and controlling external access should be an intrinsic element of any security programme.
43 per cent of breaches were found to originate externally, although some form of outsider help was seen in 74 per cent of data loss or theft incidents.
Mr Tippett said that being complacent about external threats and focusing solely on internal risks would be inadvisable.
Mr Tippet also pointed out that businesses were obsessed with hastening security measures such as patching and fixing problems as they arise.
However, he believes that the two per cent improvement in security that these measures can offer pales in comparison to the 25 per cent improvement in data protection that can be achieved by simply removing weak systems that have easily crackable passwords.
Businesses are being advised to look into the simplest, cheapest measures such as these, as they are often the most effective way in which to combat data loss but are being largely ignored in favour of more expensive and less appropriate methods.
It is suggested that simply taking stock of the systems and data storage platforms that a given business is running can help to significantly reduce risks. Ultimately, identifying a loss or addressing a potential security weakness can only be performed if every system is properly examined.
