Data breach cost hits £1.9 million per incident

£71 per record is how much data breaches cost UK organisations in 2010 – up 13 per cent from 2009, and amounting to a massive £1.9 million per incident. These findings were part of an annual study looking at the UK Cost of a Data Breach from the Ponemon Institute, sponsored by Symantec.
An interesting highlight of the study is that malicious or criminal attacks were found to be the most expensive form of data breach, at £80 per record. Such attacks accounted for 29 per cent of the total, up 7 per cent from last year. The expenses associated with data breaches range from detection, escalation and notification to customer churn due to diminished trust. The most expensive data breach included in this year’s study cost a company £6.2 million to resolve, up £2.3 million from last year’s most expensive breach. With such high costs, preventing data breaches is serious business.
Another noteworthy point is the increasing importance of mobile device encryption. The likelihood of insecure mobile devices, like smartphones or tablet computers, accessing company data is 84 percent – an increase of 9 percent on 2009. Organisations are recognising this risk with 64 percent stating mobile device encryption is very important or important, an increase of 13 points from 2009.
The full report can be found here, and we’d recommend organisations follow these best practices, whether or not they have suffered a data breach:
1. Assess risks by identifying and classifying confidential information
2. Educate employees on information protection policies and procedures, then hold them accountable
3. Deploy data loss prevention technologies which enable policy compliance and enforcement
4. Proactively encrypt laptops to minimise consequences of a lost device
5. Integrate information protection practices into business processes
- Robert Mol, director of product marketing, Europe, Middle East and Africa, Symantec.
Preparing the workplace for iPad 2 and other new consumer electronics

Smartphones and PDAs have redefined and improved the workplace in recent years but also created new challenges for IT departments. Now tablets are making a splash in the market and last week the iPad 2 launched in the US. Therefore, the new Symantec Three-Minute Trend Series episode, discussing consumer electronics trends and how they affect enterprise IT, couldn’t be more relevant.
Symantec Three-Minute Trend Series: Top IT Trends from CES 2011

When 0.02% Is A Big Number…

The latest Google outage has now been resolved, but it has raised a number of interesting points.
Firstly… while ‘only’ 0.02% of users were affected, that still amounts to 35,000 people – which is a lot, especially if you are one of them. It’s not so good to just be a statistic – especially if the statistic looks like a rounding error. A more personable approach without the stats would have been better. After it has all been resolved, the stats can be used to good effect.
Secondly… the cause was not clear, which doesn’t give confidence in the potential solution. Was it user error (which is the case of so many corporate IT outages) or was it an upgrade introducing a bug (another major cause of outages) or was it something else? It’s good to understand what happened – so that it can be clearly communicated to all those affected. (Which was also initially not clear… it was originally 0.08% of users… however, it is probably better to err on the pessimistic side first – and then round down rather than having to round up!)
Thirdly, after the event, the service was up and running as quickly as possible so the users could do something (rather than nothing). It has taken a while to recover the data – but in the meantime, users were still able to work. We often call this a ‘degraded service’ – but this is so much better than none at all and one other service vendors should look at providing.
If you are a service provider, you should have a well understood plan which traces through the steps in the event of an outage. It should identify all the groups involved from the marketing and communications people to those working towards a resolution. Customers need to be kept informed – as should employees. The route to complete resolution needs to include the option of degraded service – and after it’s all over, remember to communicate how you will prevent it from happening again. In this case, perhaps it is more testing of a new version, or an improved deployment process (with the ability to back out rapidly in the event of a problem).
Guy Bunker
An evening of debate at the Symantec Cyber Symposium

Symantec’s first Cyber Symposium took London by storm last Wednesday! We had great speakers who presented some intriguing thoughts and insight on where they see the future of the web. Our audience of industry thinkers contributed smart questions, which fuelled a debate that really made the evening.
Discussion was lively, with matters ranging from our increased global connectivity through social networks to the evolution of potential threats targeting smart devices controlling essential services like electricity. It also raised some questions, such as how might we learn from entomology and the ways nature protects itself from disease, as we continue to protect the enterprise from online threats?
While we may not have all agreed on some of the issues raised, one thing I think we all agreed on is that the internet is still young, and internet security even younger, with huge potential for the future. By working together, industry and academia could uncover valuable insight into protecting against many of the potential future threats discussed at the event. After last night, I am looking forward to another opportunity sometime soon to share ideas and thoughts over drinks with such a great crowd.
- Ilias Chantzos, Director of Government Relations, Symantec






