Leaking money

For modern enterprises, data is a key asset - and its loss can be catastrophic. But the actual risks of loss, and the factors that organisations must be aware of, are often very different to the hype.

By Barry Mansfield. Published August 25, 2007

The technology trade press is dominated by security scare stories involving a range of villains and caricatures from disgruntled former employees and call centre staff, to rival corporations and even foreign spy rings. However, experts have been advising us to step back from the more sensational news reports and take heed of the wider security landscape. The most high profile instances of data loss - including the notorious 2005 attempt to steal around US$450 million from Sumitomo Mitsui bank in London - have provided a misleading impression of where the greatest security risks originate.

Paul Proctor, research vice-president at analyst firm Gartner, says: "Through 2010 we expect 80%-90% of sensitive information leaks to be unintentional, accidental, or the result of poor business processes." If companies are to prioritise their security budget wisely, they would do well to take heed.

According to Mark Murtagh, technical director for EMEA at Websense, there remains a significant gap between popular perception and reality when it comes to the information leakage issue. He emphasises that the internet is becoming ubiquitous for communications, and the risks for data to leak out of a corporate network go far beyond portable devices to any system that has internet access. "The by-now firmly entrenched image of the information thief with memory stick in hand provides a very small glimpse of the overall picture," says Murtagh.

Whether unintentional, intentional or malicious in nature, the ramifications of information leaks can be significant. According to the Ponemon Institute, the average cost per customer record lost is approximately $182. These costs are broken out into direct, indirect, and opportunity costs. Sources estimate the total aggregate cost of a breach to average $5 million. Crucially, those who regard data protection as soft law will continue to be surprised.

Against the background of the Spanish data protection authority imposing swingeing fines and the French CNIL using its new powers to levy a $62,000 fine on Credit Lyonnais, the UK's Financial Services Authority (FSA) has fined building society Nationwide more than $2 million following the theft of a laptop containing customer data from an employee's home. By its very nature an effective risk mitigation strategy can be a huge cost saver - albeit one that works silently and unnoticed in the background, bringing benefits that are not so clearly evident when things are going well.

As multinationals pour into GCC states such as Qatar and Dubai, more CIOs are having to face up to the challenge of how to protect company secrets in an unfamiliar environment where differences in working culture, language, regulation and available company resources make the task wholly different from what they are accustomed to back at HQ.

However, multinationals are not the only organisations focused on information leakage prevention (ILP). The GCC expects to invest more than $1 trillion in pursuit of economic diversification. While Plan Abu Dhabi 2030 has just been announced, it is estimated that development projects will total $400 billion. The emirate is positioning itself as a manufacturing hub, with plans underway for aerospace components and shipbuilding ventures.
