The brand damage done by having to admit that hackers have been able to make off with sensitive customer information can be severe – just ask executives at US telecoms giant AT&T.
Having admitted that 19,000 of its customers may have had their credit card details compromised, after using AT&T’s online store, the telecoms giant’s executives were quick to rush out a statement promising to “work closely with law enforcement to bring these data thieves to account”. Whether such action is enough to placate those customers put at risk is, at best, debatable. The real damage has been done both to its brand and to its perception among potential customers.
But given the risk to reputation and brand, why are such stories so common? Analysts at IT advisory group Gartner estimate tens of millions of customers will be affected by corporate data loss this year. Not all of these cases will result in the individuals becoming victims of crime, but the damage done to the offending company will still hurt.
“We seem to be in the midst of a data loss epidemic,” says Rich Mogull, research vice president for Gartner. And yet, “data loss and information leaks are not random acts of nature too costly to prevent.”
Now Gartner has come up with a definitive list of five simple steps that business leaders can put in place to make sure their company does not become the latest to have to issue a grovelling apology to customers.
That list includes:
• Deploying monitoring and filtering technology to secure outbound network traffic;
• Encrypting backup tapes;
• Securing workstations, restricting home computers and locking portable storage;
• Encrypting laptops using whole drive encryption;
• Deploying database activity monitoring.
But while the Gartner advice provides an exhaustive list of techniques to lock down corporate data, it seems far removed from many IT professionals’ day-to-day experience.
While a hard-line policy on USB keys and restricted home access might be appropriate at some organisations such as banks, many IT leaders find little support for such stances in their organisations. Nor has the widespread availability of encryption in software such as email made much of an impact on its use.
Researchers at the Ponemon Institute have recently published a study demonstrating the apathy currently prevalent among business leaders when it comes to preventing data loss. Just 43% of respondents said their company would detect a breach involving more than 10,000 records more than 80% of the time. Lack of resources and the associated costs were seen as the major barriers.