Vulnerabilities / Threats
12/2/2010
03:50 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Lost Laptops Cost Billions

An Intel-sponsored study finds that organizations fail to grasp the risk of lost laptops.

The study happens to note that while 46% of laptops were reported to contain sensitive data, only 30% of them had disc-based encryption, only 29% had been imaged for backup, and only 10% had anti-theft features.

Intel was also present as an example of what can be achieved through best practices. Intel chief information security officer Malcom Harkins revealed that Intel, out of 87,000 laptops, only loses about 700 per year. That's five to ten times less than the average loss rate at the companies surveyed.

Harkins said that as Intel shifted its focus toward mobility in the late '90s, the company made a concerted effort to build business processes that fostered security and encouraged employees to take responsibility for safeguarding their laptops. He added that Intel tries to be fairly permissive about allowing employees to store personal information on their laptops, which he said encourages a sense of ownership and responsibility. Acknowledging that some information security professionals see the mingling of personal and professional data as a risk, he said, "I think it helps more than it hurts."

Harkins added that one problem in dealing with the issue is that security teams tend to want to keep quiet about lost laptops and lost data. He said he understood that impulse but insisted that being open can help people recognize the risk of losing laptops.

"The biggest vulnerability we all face today is misperceiving risk," he said.

Kevin Beaver, an independent security consultant and expert witness with Principle Logic, offered an example of this misperception. He observed that companies spend significant sums to protect themselves from SQL injection attacks but fail to invest in laptop tracking or remote data wiping capabilities.

"Laptops are always the greatest risk in any given security assessment, more so even than smartphones," he said, noting that laptops simply have more data on them.

According to the study, the places where laptops are most likely to be lost break down as follows: off-site locations (43%), while traveling (33%), and inside the workplace (12%). And 12% of the time the location of the loss is unknown.

Laptops are stolen most often when people travel with them. Ponemon observed that security checkpoints are the place where laptops are most frequently lost. Diluting the irony, he added that security checkpoints are also where travelers recover lost laptops most often.

To underscore the need for organizations to manage laptops carefully, Ponemon recounted interviewing one woman at a company who had lost 11 laptops in two years.

"She claimed she wasn't really that careful with laptops because the only way she could get a better one was to lose it," he said.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: It's a tough joob but someone has to test the links.
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.