Ponemon Institute Examines Security Risk Posed by Off-Network, Data-Bearing Equipment
Study Finds Vast Majority of Data Breaches Involve Unprotected Confidential Information on Off-Network Devices
On August 7, financial services firm Merrill Lynch reported the theft of a laptop computer from its New Jersey corporate office – a computer containing sensitive personal and financial information, including Social Security numbers, for 33,000 of its employees. Such breaches of confidential information have become routine news for one simple reason: though sparing no expense to guard the security of their networks, corporations often fail to protect data on devices that are disconnected from the network.
According to a new study by the Ponemon Institute, 73 percent of corporations experienced the loss or theft of a data-bearing asset in the last 24 months, yet those same organizations report limited efforts to manage this vulnerability. The new Ponemon report, National Survey: The Insecurity of Off-Network Security, will be discussed in detail today [22 August 2007] by study author Dr. Larry Ponemon, founder and chairman, Ponemon Institute, and study sponsor, Robert Houghton, president, Redemtech, during the Privacy Symposium at Harvard University.
Among the significant results of National Survey: The Insecurity of Off-Network Security:
- 62 percent of study respondents confirm that, or are unsure whether, their off-network equipment contains unprotected sensitive or confidential information;
- Yet 39 percent do not view the management of off-network data-bearing equipment as a critical component of security;
- 70 percent of data breaches result from the loss of off-network equipment; and,
- 30 percent say they would never detect the loss or theft of confidential data from off-network equipment.
“Protecting data that is stored on devices outside the confines and control of the corporate network is a problem for which many companies simply do not have a solution,” Ponemon said. “Our research shows that, while most companies recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation.”
“The cost of a security breach is astronomical, whether it occurs over the network or results from lost or stolen off-network assets,” Houghton said. “The results of this study should alarm CEOs who have customer or employee information, and a brand to protect. After years of effort to establish secure computing, many companies are neglecting this very basic risk.”
National Survey: The Insecurity of Off-Network Security is a web-based study of 735 senior IT security professionals. Copies of the study may be obtained through Redemtech.