Australian Enterprises Admit Information Security Is Out Of Control
Australian Enterprises Admit Information Security Is Out Of Control
August 30th, 2006: Workshare-sponsored survey cites email, portable USB devices and lack of policy enforcement as biggest risks for data leaks
Australian enterprises and government agencies are exposing their information to potential data breaches, according to a new, independent survey of senior security and risk professionals.
The survey reveals many organisations are failing to implement automated safeguards to enforce information security policy and prevent inadvertent disclosure or malicious misuse of customer, investor, employee and other information. Furthermore, few have automated processes to educate computer users about information security policies. Work email and portable USB devices were cited as representing the biggest threats to information security.
No control around information security
- Fewer than one-third (26%) of respondents at the 50 Australian enterprises surveyed believed they had their information security under full control.
- Australian security strategies remain preoccupied with the prevention of hacking and other unwanted network attacks. Only 44% of businesses automatically enforced information security policy compared with 84% that had solutions to protect their corporate network perimeters. The findings should urge businesses to refocus their energies on threats generated from within their own organisations.
Why have policies if they're not enforced?
- Information loss is unanimously seen as critical. 72% of businesses indicated they are concerned with losing financial information, while 83% are concerned with disclosing customer data.
- Far too many organisations are setting policies based on blind faith, relying heavily on the trust and integrity of their employees alone. 72% of businesses expressed confidence in security policy being followed by their employees, leaving information security prone to human error.
Security strategies fail to meet business needs
- Only 30% of respondents had any form of automated policy monitoring or user education in place, despite many organisations being concerned about disclosing their customer data.
- Only 16% of security professionals interviewed were "very confident" that security policies were being followed.
How is information leaking?
- 66% of respondents cited work email as the biggest risk to information security and 62% considered portable devices such as USB keys a major risk.
- The ease with which email and portable devices can be accessed by employees highlights the importance of automated control over information.
Commenting on the findings, Ms Samia Rauf, Director of Worldwide Corporate Communications for Workshare, said, "It is clear that the Australian business community and government agencies are highly sensitive to the importance and consequences of information leaking outside their organisations as there have been many publicised incidents recently."
"However, organisations are struggling to enforce and validate processes and policies that will help them to prevent data breaches. Information leaks are not new and it is now time for Australian businesses to wake up and do something about it. Lack of awareness is no longer an excuse - preventing financial loss and damaged reputation is crucial to survival in today's extremely competitive world."
The Australian survey findings concluded that private sector and government organisations must adopt automated processes to enforce information security policy if they are to assuage concerns and reduce risk.