Thunderdome

IDG News Service

Improve data protection or face govt intervention

Ross O. Storey, MIS Asia, 08.05.2009

Enterprises in the Asia Pacific have been warned they need to sharpen up their data security or soon face the prospect of having governments force them to do so.

Organisations of all types are facing a massive increase in data loss, and yet too many major enterprises lack a comprehensive data protection strategy across their complex networks.

For example, the Ponemon Institute's 2009 annual study of encryption use in the enterprise found that 80 per cent of organisations have no security protection for thumb drives, but only 22 per cent have any plans to take action.

Hackers now account for only 40 per cent of data breaches; employees and contractors are more likely culprits. Less than 20 per cent of FTP servers used for transferring highly confidential commercial information are protected. Multi-function printing devices, with their own hard drives, are vulnerable to data theft but largely unprotected.

PGP Corporation president and chief executive officer, Phillip Dunkelberger, said 'compliance does not equal data security' and governments will inevitably intervene unless more enterprises take data protection more seriously.

Legislation a bad idea

Dunkelberger also warned that having governments mandate the use of specific data protection technologies, as China had recently attempted to do, was "a very bad idea" because every enterprise needed to develop a specific industry strategy.

"Data is now currency," he said. "You can buy, sell and borrow it. Organised crime has long since recognised how profitable it is to steal it. Now every employee is a company's security perimeter and firewall. I have read that thumb drives with a one terabyte storage capacity are likely to be available in the next few years."

Dunkelberger is a member of US President Barack Obama's Cybersecurity Review Committee and chairman of TechAmerica's CyberSecurity CxO Council, an elite advisory group focused on shaping the industry's leading cyber security advocacy and awareness programme.

He said some major organisations which were recent victims of significant data breaches, potentially involving millions of credit card records and personal information, had promoted themselves as being fully PCI (Payment Card Industry standard) compliant. This did not stop the breaches from happening.

PGP is a global player in e-mail and data encryption software for enterprise data protection, with more than 100,000 enterprises and governments, including 95 per cent of the 100, using its solutions.

Data protection strategy needed

Dunkelberger was in Singapore as part of a multi-city tour with local partners, Asiasoft Hong Kong and MTECH Singapore, to promote the need for a data protection strategy among major businesses.

"As we are seeing in other major markets, the Asia-Pacific region has suffered its share of data breaches in recent months driving the enactment of privacy laws and data protection regulations," Dunkelberger said. "As a result, we have seen heightened interest in compliance and regulatory solutions from the partners that sell PGP solutions.

"The number one thing that CIOs fear today is a call from the CEO about a data breach, which can mean significant brand damage, losing valuable customers and millions of dollars in damage. Our latest research shows that the average cost of a data breach for a major enterprise is US$6.6 million."

Reprinted with permission from MIS Asia. Story copyright 2009 MIS Asia Inc. All rights reserved.
