Mexico. Comstor business unit of Westcon-Comstor and one of the leading wholesalers of Cisco technology, unveils the top 6 reasons for IT security in companies.
Digital security is the daily concern of businesses of all sizes and nationalities. In fact, it is a pertinent concern, as 76% of IT professionals who have participated in a Ponemon digital security study have stated that organizations have already experienced data loss or theft in the last 2 years, and the main cause for this is internal negligence in relation to data protection.
The study "Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations" evaluates the factors behind these incidents and the lessons that can be learned from them. In addition, one of the main findings of the report is that a large part of the workers have a very wide access to the data, which multiplies the damages when the corporate accounts are compromised.
For that publication, we have also taken into account another ponemon study on security, that of "2016 Global Cloud Data Security", which has heard from professionals from the United States, Australia, France, Japan, and Brazil, among other countries, about digital security in Cloud solutions, a topic quite pertinent to the reality of a large part of the companies in the world today.
Here are some reasons:
1. Internal negligence.
The reason already mentioned in the previous paragraphs is twice as likely to cause a data compromise than any other reason, such as, for example, external attacks or employees with bad intentions. The data breach was the reason indicated as the culprit of the disorder by about 50% of the employees evaluated in the Ponemon study.
2. Growing ransomware.
78% of the participants of the first study have stated that they are extremely concerned with the growth of Ransomware threats. That threat is complicated, as it is usually very sophisticated and generally requires a very high reward for the secure return of data.
So far a large part of the companies, 72%, claim not to have suffered a Ransomware attack. But, the growth of the threat worries those responsible for data security. And of the companies that have already suffered with that, 54% of them have detected the violation of information within 24 hours.
3. Unauthorized Access.
Employees' current tasks require them to access more industrial property data. About 88% of employees say their roles require access to customer data, contact list, employee records, financial reports, confidential business documents, software tools, among other information assets. Therefore, companies must develop or implement tools to track employee access to industrial property data. So far, only 29% of respondents have said their companies have implemented a comprehensive program of restricting the "least privileged" in relation to access to stealth information.
4. Lack of administration of access to the system.
Companies typically do not maintain a traceable report of file activity on the system. The failure to audit file activity on the system is a significant vulnerability, especially in relation to Ransomware. Without the audit, it is not possible to determine which files have been encrypted by a Ransomware. To give an idea, only 28% of the employees evaluated keep the access reports for more than 1 year.
5. Do not delete files.
End users do not delete files, which increases the vulnerability of digital security. About 43% of employees retain and store forever the documents or files they create or work on.
6. Migration to the Cloud is slow.
Migration to the Cloud is happening at a slower speed than expected. Stealth data is still stored in On-Premise models, so 86% of respondents have claimed that they store the data in such models.
Some companies have already done that migration. And the type of data they are moving to the cloud is also the information that is most at risk. And it was precisely the storage of information about customers in cloud environments that has increased considerably from 2014 to 2016: from 53% to 62%.
However, a specific study on cloud security conducted by Ponemon has found that only 21% of those responsible for digital security have been or are always involved in the selection or decisions of cloud application and solution providers.
