Take a look at the number of reported data leaks in the US and Australia and you could be forgiven for thinking that we’re a pretty secure lot.
But the level of Australian incidents is more likely to be on par with the US – it’s just that you don’t hear about it.
“It’s unfortunate and very widespread,” says Fred Borjesson, Regional Endpoint Sales Manager for Asia Pacific at Check Point. “Sometimes it’s caused by employee mistakes, sometimes it’s malicious and sometimes it’s the result of hacking, stolen laptops and so on. It happens to most businesses – and most are unaware that it’s occurring.”
It’s nearly a year since the Australian Law Reform Commission recommended government agencies and business organisations notify individuals and the Privacy Commissioner when there is a real risk of serious harm occurring as a result of a data breach. Despite the recommendations, however, there are still no legal requirements in Australia to report data loss.
“The right thing to do is to protect the information from the beginning. But these events do occur,” Borjesson said.
“It’s not understood how widespread this problem is. People think it’s not a big issue when there are actually lots of challenges.”
Data leaks can happen to any organisation, as evidenced by the recent McAfee incident, in which the security company accidentally sent out the details of more than 1400 professionals as an attachment to an electronic newsletter. A look at the chronology of data breaches in the US quickly gives you an idea of the regularity of incidents.
From the perspective of IT managers, organisations need a policy that clearly states what needs to happen in the event of a data breach, Borjesson said.
“And IT managers need to be allocated the appropriate resources and tools to enforce those policies.
“There’s an imbalance in IT security, where a lot of investment is made in network security but there is a wide gap in terms of the end point and users.”
In particular, as the focus shifts from the network to mobile devices, enterprises must also focus on encrypting hard drives and data.