IT Security: The Data Theft Time Bomb - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

09:40 PM

IT Security: The Data Theft Time Bomb

While viruses and worms remain the most pesky security problems, data theft concerns simmer beneath the surface, according to InformationWeek's 10th annual Global Information Security survey.

So are security pros focusing on the wrong things? Yes, says Jerry Dixon, director of Homeland Security's National Cyber Security Division. "You need to know where your data resides and who has access to it," Dixon says. "This speaks to the integrity of the data that resides in your databases, the data that you use to carry out your business."

When asked what security pros should be worried about, security researcher Bruce Schneier, CTO of service provider BT Counterpane, puts it this way: "Crime, crime, crime, and compliance."

It seems as though security pros are missing the point, choosing to focus on the security threats with which they're most familiar as opposed to emerging threats designed to cash in on the value of customer data and intellectual property. A careful reading of our survey's results, however, indicates that organizations are waking up to just how vulnerable their customer information and intellectual property are to data thieves.

chart: Reasons For More Vulnerability
For example, the No. 1 reason for feeling more vulnerable to attack this year, according to 70% of U.S. respondents, is the increased sophistication of threats, including SQL injections. A programming technique applied to Web site requests, SQL injections have one purpose: to steal information from databases accessed by Web applications.

The next three reasons for feeling vulnerable: more ways for corporate networks to be attacked (including wireless access points); increased volume of attacks; and more malicious intent on the part of attackers (i.e., theft, data destruction, and extortion). Our survey suggests that companies think they're being attacked less to bring down their networks--though that remains the primary outcome of cyberattacks--and more to have their assets (customer or enterprise data) stolen. Only 13% of U.S. respondents see denial-of-service or other network-impairing attacks as a top three priority, down from 26% a year ago. Chinese respondents were only marginally more concerned about denial- of-service attacks.

Some security pros may be blissfully ignorant. Botnets, which can take control of IT resources remotely and can be used to launch attacks or steal information, debut as a concern in this year's survey, though only 10% of U.S. respondents and 13% of Chinese respondents rank them as a top three problem. This may be because companies are often unaware that they've been infiltrated by botnets, which is exactly what bot herders are counting on.

Similarly, viruses, worms, and phishing are the top three types of security breaches reported by U.S. respondents. Seventh on the list: identity theft. But that doesn't mean that identity theft isn't a greater threat. Identity theft and fraud are worst-case scenarios for a company whose data has been compromised, but not having experienced them could be as much about luck as it is security. TJX was extremely unlucky in that some of the 45.7 million customer records stolen from its IT systems over the past few years surfaced earlier this year in Florida, where they were used to create fake credit cards and defraud several Wal-Mart stores of millions of dollars. By contrast, the VA, last year's poster child for data insecurity, lost 27 million records when a laptop was stolen from an employee's house, but so far no identity theft or fraud activities have been traced back to that security breach.

Here's another sign that data security is a growing concern: While U.S. respondents measure the value of their security investments first for their ability to cut the number of hours workers spend on security-related issues (43% of respondents), second in priority is how well these measures protect customer records (35%), and third is a decline in the number of breaches (33%).

Perhaps the most surprising stat of the entire survey is that nearly a quarter of U.S. respondents don't measure the value of their security investments at all.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 5
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll