Bob Evans

Senior VP, Global CIO



Won't Steal Corporate Data? You're In The Minority

The bad news on insider threats keeps getting worse: most respondents to a new database-security study think such attacks will accelerate in 2009 and that insiders will most likely be behind them. Yesterday I noted the huge risks from employees wanting some "insurance" in case they get laid off; today's culprits appear to be a mix of shortsighted budgeting, ignorance, and incompetence.

Yes, that's tough talk, but combined with new studies highlighted in yesterday's post about how a significant majority of employees are willing to steal corporate data out of fear of being laid off, these additional findings could well require CIOs to reset cybersecurity priorities and dollars. Just look at this answer to a question about which factors are keeping companies from improving the security of enterprise databases that those companies admit are vulnerable:

  • Don't have accurate inventory of our enterprise DB systems: 21%
  • Don't know which DBs contain secure, confidential data: 18%
  • Lack of appropriate DB security skills: 18%
  • Confusion over which group "owns" DB security: 15%
  • Lack of budget for security solutions: 40%

This is becoming a huge issue that CIOs will have to tackle in 2009, and these latest results from Enterprise Strategy Group underscore, once again, the grave danger posed by employees who are either looking to steal customer data or who are simply unaware of proper security policies. Look at these responses to a question about the root causes of confidential-data breaches that companies had to disclose in the past 12 months:

  • Insider physical method: 27%
  • Insider logical method: 23%
  • External logical method: 19%
  • Accidental loss of device: 14%
  • Combo of inside/outside: 11%
  • Don't know the cause: 4%
  • Human error: 3%

And, as if these numbers haven't caused enough heartburn and indigestion, let me heap on a few more habaneros: "Nearly 84% of respondents believe that all or most of their confidential data is protected. This perception is disconnected from reality, as the same respondents noted they failed security audits more than 33% of the time (HIPAA, SOX, FISMA, etc.)." This last bit is from a press release about the study from Application Security, which sponsored the study and said that contact information for obtaining a copy of the report is available here.


