Simply Security - News, Views, and Opinions from Trend Micro

Posted on June 28th, 2012 in Reports by Noah Gamer | Be the first to comment | Tags: Reports

Emerging evidence detailing the financial impact of data loss events could be just what is need to inspire data security reform.

While awareness for the potential implications of data breach and data loss scenarios has grown considerably in recent months, objective evidence reflecting the possible damages is often what's required to inspire earnest attempts to reform prevention strategies. A new report released by independent researchers from Vanson Bourne has shed new light on the financial impact of data loss scenarios and the instrumental role backup and recovery plans must play in data protection strategies.

The survey polled 250 IT professionals across the United States, U.K. and France. Among organizations managing between 2TB and 7TB of data, more than 20 percent reportedly experienced at least one data loss incident within the past year. In fact, more than half of respondents from this subgroup indicated that their companies suffered multiple such occurrences in that time.

The significance of these events was not lost on the survey sample. Overall, responding IT professionals estimated that the resolution and aftermath of data breach and loss scenarios cost their organizations between 2 and 5 percent of total revenue. In the U.S. Northeast in particular, several respondents cited figures equating to as much as 10 percent of annual revenue.

"As we peeled away the layers on this research, a troubling picture emerged: The level of data loss is huge, and only a few organizations are employing data protection best practices," research coordinator Terry Cunningham observed. "When largely preventable data loss conservatively costs business hundreds of millions of dollars annually, it is time to rethink your priorities."

In addition to the potential business implications of this news, consumers also have reason to take pause. Considering the large volumes of customer data stored on corporate servers, including transaction histories, insurance forms and various other sources containing personally identifiable information, it stands to reason that a healthy portion of the lost data could be affecting private citizens.

Massachusetts feels the sting of data loss

Earlier this month, the Massachusetts Office of Consumer Affairs and Business Regulation (CABR) revealed that more than 1,800 reported data breaches have affected a total of 3.1 million state residents since 2007. Not surprisingly, 97 percent of these incidents involved electronic information stored on everything from personal smartphones to document management systems at area hospitals.

"Over the last four years, about half of Massachusetts residents have had their information exposed to loss or theft. We have found that information on laptops, thumb drives, storage discs and tapes and other electronic platforms are most vulnerable," explained CABR undersecretary Barbara Anthony. "Encrypting data remains the key to protecting our personal and financial information. The best way to prevent identity theft and other serious issues is to keep information protected, safe and secure."

Data on lockdown

While this advice was primarily intended for consumer audiences, it should be heeded by the business community as well since it will often fall to corporate IT teams to take decisive action. Encryption strategies have played a fundamental role in data security efforts for decades, but this classic technique will likely only grow in significance as sensitive information travels across a wider variety of endpoints in the era of mobility and constant connectivity. Even if a smartphone or thumb drive is misplaced, for example, strong encryption will render the data stored on these devices inaccessible to unauthorized viewers.

Aside from ensuring that lost data remains protected against the advances of opportunistic hackers, IT teams will naturally want to recover the missing information to restore their own operations. Whether it is to ensure a competitive advantage through retaining market intelligence or to maintain compliance through preserving medical records, organizations must take every precaution to make sure data is recoverable.

Finding answers in the cloud

The natural antidote to data loss is, of course, effective disaster recovery and business continuity solutions. Although most organizations are already familiar with the role that offsite tape archiving plays in these plans, all signs point to the growing importance of cloud-based utilities as big data becomes less of a buzzword and more of a reality.

"We've seen the benefits that remote, cloud-connected storage and disaster recovery service provide to an organization, and moving data to the cloud is a very practical and cost-effective way to manage and secure those IT assets," Cunningham added. "There are still huge opportunities for companies to improve their overall disaster recovery strategies by incorporating off-premise solutions and integrating mobile devices into the equation."

The primary advantage of cloud-based storage is the ease and speed with which data can be retrieved – not to mention the unlimited scalability. And while the technology is still relatively young, it has already proved capable of answering the bell when companies need it most.

In one recent incident, a panicked accountant called his managed services provider to report that he had accidentally deleted 10 years' worth of crucial financial data. By leveraging previously implemented cloud backup utilities, administrators were able to restore all 20GB of mission-critical information to the client.

Data Security News from SimplySecurity.com by Trend Micro