Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

8/10/2009
03:26 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Report: Less Budget, More Data Leaks

Budget constraints, social networks, and mobile devices take their toll as data leaks among U.S. enterprises multiply

Half of all organizations say tighter budgets have hurt their ability to protect the leakage of sensitive or confidential information during the past year, according to a new report.

The increasing number of layoffs overall, and of IT staff, specifically, are taking their toll on security, Proofpoint's "Outbound Email and Data Loss Prevention in Today's Enterprise" survey found. More than one-third (34 percent) of U.S. companies in the survey said they had suffered from the leakage of sensitive or embarrassing data in the past 12 months. Forty-three percent said they had investigated a suspected leak of sensitive data via email, and 34 percent had investigated a violation of data protection regulations or privacy in the past year.

More than one-third said customer data was exposed or stolen, and 28 percent said they had been hit by exposure or theft of their intellectual property during the past year.

"I was kind of surprised how many data breaches via email had been investigated. When that number is over 40 percent, that's really high. It is still the biggest risk area," says Keith Crosley, director of market development for Proofpoint. The report is based on data gathered from 220 email decision-makers at U.S. companies with more than 1,000 employees.

Interestingly, even with their dwindling man power, many organizations are cracking down more on data leakage violations than ever before. "Discipline and termination were pretty high this year," Crosley says.

More than 30 percent said in the past 12 months they had terminated an employee for violating the organization's email policies, and more than 50 percent had disciplined one for doing so. Crosley says it may be that for some organizations under the gun to trim their costs, violating policy is more likely to cost you your job than anything else. "If you need to reduce your staff, people who are violating corporate policies stand a higher chance of being terminated. There's a message here for employees: Be aware of your company's [security] policies," he says.

Social media sites like Facebook, Twitter, and YouTube also have businesses nervous about data leaks: Forty-two percent say they are very worried about data leaking via media-sharing sites. Nearly one in five companies have investigated sensitive data exposure via video or audio posted to a media-sharing site, 15 percent have disciplined an employee for violating online media-sharing policies, and 8 percent have fired one for it.

Nearly 20 percent have investigated data leaks via social networking sites, and 45 percent are concerned with data leakage via Facebook and LinkedIn. About 10 percent have disciplined an employee for an infraction here, while 8 percent have fired one for it. More than 40 percent worry about Twitter posts and SMS messages leaking data.

More than half worry about data leakage via email sent from mobile phones, and 22 percent have investigated a data leak via those devices.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9342
PUBLISHED: 2020-02-22
The F-Secure AV parsing engine before 2020-02-05 allows virus-detection bypass via crafted Compression Method data in a GZIP archive. This affects versions before 17.0.605.474 (on Linux) of Cloud Protection For Salesforce, Email and Server Security, and Internet GateKeeper.
CVE-2020-9338
PUBLISHED: 2020-02-22
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
CVE-2020-9339
PUBLISHED: 2020-02-22
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVE-2020-9340
PUBLISHED: 2020-02-22
fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
CVE-2020-9341
PUBLISHED: 2020-02-22
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.