Risk
12/27/2007
11:50 AM
50%
50%

Check Point Weighs in on NHS Data Loss

Check Point says data losses by UK's NHS are yet another example of lax security practice in the public and private sector

REDWOOD CITY, Calif. -- Following the admission by 9 NHS trusts that they have lost information on hundreds of thousands of patients, Check Point, a leader in data security, says that the losses are yet another example of lax security practice in the public and private sector.

This also reinforces Check Point’s recent research findings on the risks that UK businesses run of data leaks.

In November 2007 Check Point commissioned a survey of 140 senior IT staff, IT managers & directors in public & private UK companies. It found less than half (48%) had data encryption technology deployed in their organisation.

Nick Lowe, Check Point’s regional director for Northern Europe says: “The majority of the UK companies surveyed don't have the basic security measures in place to limit the damage of data leaks when disks go missing. And this is yet another example to show that disks do go missing all too often.

“Companies seems to be saying that ‘it can't happen here’, while not being able to stop it if it does!

“Solutions are easily available to control the use of CD drives and USB memory devices on PCs, for around £20 per computer or laptop. The solutions automatically encrypt ALL data being sent to these media, and cannot be disabled or got around by ordinary employees.”

The Check Point email survey gauged the opinions of 140 senior IT staff, IT managers and IT directors across a range of UK companies from both the public and private sector. It was conducted during the week of the HMRC data loss.

65% of IT managers and senior IT staff in UK companies said the recent leak of Child Benefit data by HMRC will not change their IT spending priorities.

However, the survey revealed that the organisations surveyed are still running the risk of data loss similar to HMRC. Less than half of respondents (48%) said their organisation had an encryption solution to protect sensitive data. 40% of the sample said their company did not have encryption, and a worrying 12% did not know if encryption was in place.

Check Point Software Technologies Ltd. (Nasdaq: CHKP)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
8 Key Building Blocks for Enterprise Network Defense
Networks are changing rapidly -- and so are strategies for protecting them. This Tech Digest looks at the fundamentals for the next-gen environment.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In this episode of Dark Reading Radio, veteran CISOs will share their experience and insight into how organizations can get the best bang for their security buck.