Friday, November 10, 2006

The Weakest Link - People and Processes or the Tools and Technology?

Is it the people and processes or the tools and technology?
By Lafe Low
When you read the horror stories about data theft and security breaches in the papers (you do still read newspapers, don't you?), they're often less about technological capabilities and more about lack of resources. And sometimes, just for a change of pace, it's one head blaming the other. Talk about throwing up your hands and rolling your eyes. According to a recent survey by privacy research firm the Ponemon Institute in Elk Rapids, Mich., nearly two-thirds of security executives believe they have no way to prevent a data breach. Now, isn't that encouraging?
The National Survey on the Detection and Prevention of Data Breaches (get a copy of the survey from the Ponemon Institute) surveyed 853 randomly selected information security professionals about their data-protection practices. Despite numerous stories in the media about credit card numbers and the personal data of thousands of government workers floating about in the ether, attitudes about the state of data security range somewhere between hopeless and abysmal.

The study revealed that:
* 63 percent believe they cannot prevent a data breach
* 59 percent believe they can effectively detect a data breach
* 68 percent believe they could detect a large data breach (more than 10,000 files)
* 51 percent believe they are likely to detect smaller breaches (fewer than 100 files)
* 41 percent of companies surveyed do not believe they're effective at enforcing data security policy
The main reason these security professionals gave for failed enforcement? You guessed it -- lack of resources. Thirty-five percent of respondents stated that leak-prevention technologies are simply too expensive. One other interesting note from the survey was that 16 percent of companies surveyed believe they're invulnerable to a data breach. Ignorance must surely be bliss.