Survey: 81% of U.S. firms lost laptops with sensitive data in the past year
Companies are struggling to protect hardware, data
Computerworld - Loss of confidential data -- including intellectual property, business documents, customer data and employee records -- is a pervasive problem among U.S. companies, according to a survey released yesterday by Ponemon Institute LLC and Vontu Inc., a San Francisco-based provider of data loss prevention products.
Eighty-one percent of companies surveyed reported the loss of one or more laptops containing sensitive information during the past 12 months, according to the survey, which queried nearly 500 information security professionals.
One of the main reasons corporate data security breaches occur is because companies don't know where their sensitive or confidential business information resides within the network or enterprise systems, Larry Ponemon, chairman of the Ponemon Institute, said in a statement.
"This lack of knowledge, coupled with insufficient controls over data stores, can pose a serious threat for both business and governmental organizations," Ponemon said. "Moreover, the danger doesn't stop at the network, but includes employees' and contractors' laptop computers and other portable storage devices."
Ponemon, whose research firm is based in Elk Rapids, Mich., is also a columnist for Computerworld.
Other findings of the study include the following:
- Handheld devices and laptops ranked highest among storage devices that posed the greatest risk for sensitive corporate data, followed by Universal Serial Bus memory sticks, desktop systems and shared file servers.
- Sixty-four percent of companies surveyed reported that they have never conducted an inventory of sensitive consumer information.
- Sixty-four percent also reported never having taken an inventory of employee data.
- Eighty-one percent of respondents reported that protecting sensitive "data at rest" is a priority this year, and 89% predicted that it will be a priority next year. The survey defines data at rest as all electronic information found on storage devices within an organization's IT infrastructure.
Asked "How long would it take to determine what actual sensitive data was on a lost or stolen laptop, desktop, file server or mobile device?" the most frequent answer was "never," according to the survey.
More than 53% of respondents believed that their companies would be unable to determine what sensitive or confidential information resided on a USB memory stick if it was lost or stolen. And approximately 49% of respondents said that their companies would be unable to determine what lost data resided on a handheld or comparable mobile device, according to the survey.
"Corporations are clearly struggling with the challenges of identifying and protecting sensitive data, as well as developing successful strategies for securing confidential information stored among the myriad devices that make up today's data networks," said Ponemon. "Our findings point to the shockingly high risk to both business and consumers of undiscovered confidential data, but we believe that the data also serve as a compass to help point organizations toward effective solutions to this vexing problem."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts