Risk
12/27/2007
11:50 AM
50%
50%

Check Point Weighs in on NHS Data Loss

Check Point says data losses by UK's NHS are yet another example of lax security practice in the public and private sector

REDWOOD CITY, Calif. -- Following the admission by 9 NHS trusts that they have lost information on hundreds of thousands of patients, Check Point, a leader in data security, says that the losses are yet another example of lax security practice in the public and private sector.

This also reinforces Check Point’s recent research findings on the risks that UK businesses run of data leaks.

In November 2007 Check Point commissioned a survey of 140 senior IT staff, IT managers & directors in public & private UK companies. It found less than half (48%) had data encryption technology deployed in their organisation.

Nick Lowe, Check Point’s regional director for Northern Europe says: “The majority of the UK companies surveyed don't have the basic security measures in place to limit the damage of data leaks when disks go missing. And this is yet another example to show that disks do go missing all too often.

“Companies seems to be saying that ‘it can't happen here’, while not being able to stop it if it does!

“Solutions are easily available to control the use of CD drives and USB memory devices on PCs, for around £20 per computer or laptop. The solutions automatically encrypt ALL data being sent to these media, and cannot be disabled or got around by ordinary employees.”

The Check Point email survey gauged the opinions of 140 senior IT staff, IT managers and IT directors across a range of UK companies from both the public and private sector. It was conducted during the week of the HMRC data loss.

65% of IT managers and senior IT staff in UK companies said the recent leak of Child Benefit data by HMRC will not change their IT spending priorities.

However, the survey revealed that the organisations surveyed are still running the risk of data loss similar to HMRC. Less than half of respondents (48%) said their organisation had an encryption solution to protect sensitive data. 40% of the sample said their company did not have encryption, and a worrying 12% did not know if encryption was in place.

Check Point Software Technologies Ltd. (Nasdaq: CHKP)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.