Attacks/Breaches

8/22/2007
03:48 AM
50%
50%

Ponemon Studies Off-Network Devices

Ponemon Institute examines security risk posed by off-network, data-bearing equipment

TRAVERSE CITY, Mich. and COLUMBUS, Ohio -- On August 7, financial services firm Merrill Lynch reported the theft of a laptop computer from its New Jersey corporate office – a computer containing sensitive personal and financial information, including Social Security numbers, for 33,000 of its employees. Such breaches of confidential information have become routine news for one simple reason: though sparing no expense to guard the security of their networks, corporations often fail to protect data on devices that are disconnected from the network.

According to a new study by the Ponemon Institute, 73 percent of corporations experienced the loss or theft of a data-bearing asset in the last 24 months, yet those same organizations report limited efforts to manage this vulnerability. The new Ponemon report, National Survey: The Insecurity of Off-Network Security, will be discussed in detail today by study author Dr. Larry Ponemon, founder and chairman, Ponemon Institute, and study sponsor, Robert Houghton, president, Redemtech, during the Privacy Symposium at Harvard University.

Among the National Survey: The Insecurity of Off-Network Security’s significant results:

62 percent of study respondents confirm or are unsure if their off-network equipment contains unprotected sensitive or confidential information;
Yet 39 percent do not view the management of off-network data bearing equipment a critical component to security;
70 percent of data breaches result from the loss of off-network equipment; and,
30 percent say they would never detect the loss or theft of confidential data from off-network equipment.

“Protecting data that is stored on devices outside the confines and control of the corporate network is a problem for which many companies simply do not have a solution,” Ponemon said. “Our research shows that, while most companies recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation.”

Ponemon Institute LLC

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6487
PUBLISHED: 2019-01-18
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
CVE-2018-20735
PUBLISHED: 2019-01-17
** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only...
CVE-2019-0624
PUBLISHED: 2019-01-17
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
CVE-2019-0646
PUBLISHED: 2019-01-17
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
CVE-2019-0647
PUBLISHED: 2019-01-17
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.