There's no doubt that the management at Target had a miserable holiday season at the end of last year, between all the bad PR that came out about the online theft of 40 million customers’ data records—later revised to be even higher—the costs of providing disclosures and working with banks, and the headaches of potentially expensive lawsuits that are being filed.
Such is every organization’s nightmare, the price of openness and accessibility. When it comes to data, enterprises and their IT managers are squeezed between the need to make data accessible to anyone who needs it, while trying to keep out the bad guys. The threats to data security have never been more intense, and the repercussions in terms of public disclosure and lost customer trust never more imposing.
Survey Unveils Where Enterprises are Leading and Lagging in Enteprise Data Seucrity
Of course, there’s nothing new, unexpected, or surprising about the Target debacle. The warnings about data security have been sounded for years and they are not falling on deaf ears. A new survey of 322 data and IT managers finds there is a growing awareness among enterprise executives and managers about the potential issues to enterprise data security—not only from outside hackers and thieves but also from people inside organizations, often those with privileged access. Enterprises are making greater and more frequent efforts to monitor and audit data for evidence of security events. (“Data Security: Leaders Vs. Laggards—2013 IOUG Enterprise Data Security Survey,” December 2013.)
However, the survey also finds, organizations that are fully security-aware—leaders that practice prevention, detection and administrative controls across their data assets—are still in the minority of enterprises. Progress has been slow in building, and maintaining a security culture within organizations. There is greater awareness than ever of the threats posed by loose management of data within organizations, but at the same time, a failure to deliver on tools, technologies, and methodologies to protect sensitive data. This has been the case since 2008, the first year this series was published.
The survey was conducted among members of the Independent Oracle Users Group (IOUG), and underwritten by Oracle Corp. Field work and analysis was performed by Unisphere Research, a division of Information Today, Inc.
Human Error is Viewed as Greatest Risk to Data Security, Followed by Insider Abuse
When asked what they saw as the greatest risks, threats, or vulnerabilities to their data, human error came out on top, cited by 77% of respondents. Second was fear of inside hacks, cited by 63%, up from 57% in 2010. Along with greater awareness of insider threats, there is also more fear of outside hackers, up from 27% in 2010 to 44% this year. Concerns about IT staff abuse also remains at a high level, 48%.
Image courtesy of Shutterstock