Tag Archives: Ponemon Institute

Use of Encryption on the Increase

The results of a study which investigated the trends in the use of encryption to help protect data have been released and show that the use of encryption is on the increase.

The 2013 Global Encryption Trends Study, which was conducted by Ponemon Institute and sponsored by Thales, involved more than 4,800 business and IT managers in the UK, US, Germany, France, Australia, Japan, Brazil and Russia.

The results of the study revealed that there has been an increase in the number of companies using encryption solutions over the last 9 years. 35% of organisations involved in the study revealed that they have an encryption strategy across the whole enterprise. This is an increase of 6% from last year, when the reported figure was 29%. The number of companies involved in the study who didn’t have any kind of encryption strategy in place has also dropped to 14% from 22% last year.

The main reason for the increase in implementing an encryption strategy was to help reduce the impact of a data breach. These concerns stem from the ever-increasing threat of cyber thieves and cyber hackers, which resulted in a record number of data breaches in 2013. This shows a shift in the thinking of business and IT managers, as their main reason for implementing an encryption strategy had been to help protect the company’s reputation.

Of the companies who believed that they had an obligation to report any data breaches, nearly half believed that they wouldn’t need to disclose that they had actually suffered a data breach if the data was encrypted.

One of the major issues that business and IT managers find with utilising encryption strategies is key management. More than half of the respondents rated the difficulty of key management at more than seven out of ten, whilst 30% of respondents ranked it as nine or ten out of ten.

The chairman and founder of The Ponemon Institute, Dr Larry Ponemon, stated, “Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption.”

Ponemon added, “For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems.”

Ensuring that data is encrypted can go a long way towards ensuring the security of the data if it falls into the wrong hands. However, there is no guarantee that data is safe just because it is encrypted, as there have been instances where the encryption keys have been successfully hacked, resulting in the data being decrypted. Encryption should be the last line of defense in data protection, as the best way to ensure that data remains safe is to ensure that a strong security plan is in place and that security software is kept up to date. This will help to prevent the data from falling into the wrong hands to start with.

Education in data security can also go a long way in helping to reduce the risk of data falling into the wrong hands and should by no means be overlooked.

In order to support a security plan, a robust backup solution should be in place to ensure that data can be recovered if it is lost, deleted or modified by staff, cyber hackers or thieves.

U.S. Insurance Company loses nearly 2 million personal records

Following on from last week’s blog, it appears another California-based organisation has suffered a substantial data breach.

On Monday, Health Net released a statement saying it had lost the records for 1.9 million people from its hard drives. The data could include people’s names and addresses as well as health and financial information. The company states a full investigation has been launched.

The missing data was spotted by IBM, who support Health Net’s IT infrastructure, when they couldn’t locate nine hard drives running on the company’s servers within their data centre.

Beth Givens, director of consumer organisation Privacy Rights Clearinghouse, says the breach is one of the top 20 security breaches since 2005 in the whole of the U.S. That the drive contained unencrypted data was of concern; she goes on to say, “The fact that a server drive is unaccounted for is astounding. Under California law this wouldn’t even be a breach if the data had been encrypted. And relative to the expense of notifying affected individuals, (encrypting records) is not expensive.”

No statement was forthcoming from the company itself beyond the news release. Given the recent statistics from the Ponemon Institute concerning the cost to a company per lost record ($214 per record), the financial implications of this breach could be sizeable. Health Net also suffered another data breach in 2009, when a USB hard drive went missing from their headquarters in Connecticut with the loss of 1.5 million customer records.

Health Net is offering two years of free identity theft insurance and credit monitoring to help those affected, with a hotline being set up for individuals concerned by the current breach.

Businesses failing to fund system security improvements, survey finds

A new study has found that most businesses around the world are unprepared for attacks from cybercriminals, despite the fact that most are well aware of the heightened risks facing unprotected businesses in the current climate.

Vistrom sought the help of the Ponemon Institute in order to conduct this survey and it concluded that, despite the growing number of attacks which manage to breach security and compromise the integrity of data, only around 33 per cent have actually upped their investment in protection and preventative measures. Meanwhile, half of respondents said that they were aware that their current funding could not cope with the increased risks and complex attacks.

Thirty-eight per cent of European organisations said that they had reason to suspect that a cyber attack levelled against them by a foreign nation had already occurred, which compares relatively favourably to the 56 per cent of US firms who expressed this feeling.

The threat of cyber attacks against governments is also playing on the minds of those in business, with 60 per cent of European respondents saying that they expected a major incident to occur within two years. Seventy-eight per cent of US firms share this opinion.

Almost 90 per cent of those questioned said that isolating and identifying cyber attacks is incredibly hard and a comparable number said that fixing the issues they cause in a timely manner is also taxing.

Security expert, Dan Turner, said that it was widely recognised amongst businesses that there was a need to ameliorate the security systems which protect against data theft and cyber attack. He went on to explain that it was equally true that many businesses lack the resources to adequately arm themselves against invasive infiltration by criminals or international espionage operations.

This is clearly a significant and widespread issue throughout the business world and the public sector and many vendors are working hard to make it easier for firms to shore up their defences, without increasing their overall IT spending.

The importance of conforming to PCI DSS

PCI commentators and recent surveys have again reinforced the importance of the Payment Card Industry Data Security Standard, as well as highlighting the penalties and pitfalls of ignoring PCI DSS guidelines. Writing for Infosecurity Magazine, independent security analyst Mark Gillespie collates and analyses recent findings which support and promote PCI DSS.

Gillespie identified the current confusion surrounding the application of and adherence to PCI DSS. Since its introduction in 2004 a number of big name brands have incurred fines for improper protection of cardholder data. The highest profile case occurred in 2007 when high street chain TK Maxx was penalised for a lack of adequate safeguards in its payment card system.

Data protection is a must for all companies according to the experts

All business organisations have important information stored in the form of data. In most cases the data is very sensitive and can contain the personal details of many people. So it is essential to protect the data from being stolen or accessed by unwanted people.

Research and surveys have shown that more than half of the ex-employees of any company have with them data which is of immense importance to the company. Thus Mike Spinney, a senior privacy analyst at a reputed research organisation called the Ponemon Institute, is of the view that every company must have a viable data protection strategy.

Mike Spinney is just one expert from a group, all of whom think likewise. As losing important data can cause problems not only for the company but also for lots of people in many ways, it is important to protect data by encrypting it.

Online backup is the easiest and the most economical way to protect any database. Online backup is a method of storing data in which the data is encrypted and then stored on a distant server. Thus online backup is also helpful as a disaster recovery solution.
