Nearly 40% of large organisations do not monitor databases for suspicious activity or don't know if they do

Customer and employee data remain at greatest risk; IT is mobilising against this threat, but competing corporate priorities fuel epidemic of data theft and misuse.

Application Security, Inc., has announced the results of a Ponemon Institute survey that underscores the serious challenges large organisations face in securing sensitive data. With more than 150 million data records exposed in just the past two years, the survey also highlights an organizational disconnect between the realisation of the threat and the urgency in addressing it.

Conducted by one of the world's foremost authorities on data security and privacy, the Ponemon Institute surveyed 649 respondents in corporate information technology (IT) departments worldwide. Respondents averaged more than 7 years of experience in the information security field; more than 60 percent work within corporate CIO or CTO departments.

In what's an increasingly precarious balancing act, organisations are wrestling with how to protect data from misuse by external and internal forces, while expanding access to the same data to drive business initiatives.

Highlighting these challenges, the Ponemon Institute/AppSecInc survey reveals that:

  • Forty percent said their organisations don't monitor their databases for suspicious activity, or don't know if such monitoring occurs. Notably, more than half of these organisations have 500 or more databases and the number of databases is growing.
  • Trusted insiders' ability to compromise critical data was cited as the most serious concern, with 57 percent perceiving inadequate protection against malicious insiders and 55 percent for data loss by internal entities.
  • Seventy-eight percent believe that databases are either critical or important to their business. Customer data represents the most common data type contained within these databases.
  • Customer/consumer and employee data rank 3rd and 4th respectively in regard to organizations' prioritisation of what must be protected.

"Data can be monetised quickly and the bad guys know it," said Larry Ponemon, chairman and founder of the Ponemon Institute. "Organisations that fail to protect their data effectively are proving easy targets, often left to contend with considerable damage to their reputations and financial results."

"Unless organisations directly protect their databases, everything else they're doing for data security is on shaky ground," said Toby Weiss, president and CEO of AppSecInc. "As States and the Federal government grapple with how to compel organisations to protect consumer privacy, leading organisations are looking inward to protect data where it lives. Responsible organisations are increasingly seeking to enhance security, mitigate risk and address key compliance concerns as part of a comprehensive approach to addressing data governance within their existing IT infrastructure."


About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries.

About Application Security, Inc. (AppSecInc)

AppSecInc is the leading global provider of database security solutions for the enterprise. AppSecInc's products, the industry's only complete database security solution, proactively secure database applications across databases around the world. Our security experts, combined with our strong support team, deliver up-to-date database protection that minimises risk and allows organizations to confidently connect with customers, partners, and suppliers.
