Lessons Learned From WikiLeaks: Not So Much

Maybe the massive disclosure of diplomatic memos from the U.S. State Department by WikiLeaks didn't serve as much of a cautionary tale for preventing the leak of sensitive data after all: Most IT and security professionals say they use USBs, smartphones, and tablets to move and back up confidential files, and 65 percent say they don't have a handle on what files and data leave the enterprise, a new survey says.

The survey of 200 IT and security pros at the RSA Conference last month in San Francisco revealed some risky practices by users who theoretically should know better -- including 77 percent saying that they send payroll, customer data, financial, and other classified information via unsecured email monthly.

"One thing we know is that people do what they need to do to be productive, and they find their own mechanisms to do this better. This is not malicious, but it puts companies at risk," says Hugh Garber, product marketing manager for Ipswitch, which conducted the survey. "If there's not a tool, they use their own stuff -- a lot are turning to USB drives, file-sharing sites, and their personal email [if corporate email restricts file-size attachments, for instance]. And that just enforces lower visibility to IT and brings more risk."

And when it comes to the infamous WikiLeaks incident, more than 40 percent of the respondents say their companies have basically dismissed the security implications of it. Nearly 30 percent say their companies talked about the risks that the WikiLeaks incident highlighted, but they didn't make any major security changes in response.

"Out of WikiLeaks we saw people blaming the devices instead of taking control of their data," Garber says. "Blaming a data breach on a portable device is like blaming a bank robbery on white vans."

Around 57 percent of the respondents say they save work files to these external devices on a weekly basis or more, an 11 percent increase over a similar survey conducted by Ipswitch in 2010. "We're seeing a lot more people backing up their data on portable media -- a lot that is personally owned and easily lost or stolen," Garber notes.

But there's hope: Forty percent say the protection of sensitive information is their top priority for 2011. "That statistic is an indication that ... no one wants to be the next data-breach headline," Garber says. "I wish this was a higher number, but I predict it will be double that next year."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.