Leaking money

zoom

Raschke: many firms do not do basic risk assessment exercises.

The technology trade press is dominated by security scare stories involving a range of villains and caricatures from disgruntled former employees and call centre staff, to rival corporations and even foreign spy rings. However, experts have been advising us to step back from the more sensational news reports and take heed of the wider security landscape. The most high profile instances of data loss - including the notorious 2005 attempt to steal around US$450 million from Sumitomo Mitsui bank in London - have provided a misleading impression of where the greatest security risks originate.

Paul Proctor, research vice-president at analyst firm Gartner, says: "Through 2010 we expect 80%-90% of sensitive information leaks to be unintentional, accidental, or the result of poor business processes." If companies are to prioritise their security budget wisely, they would do well to take heed.

According to Mark Murtagh, technical director for EMEA at Websense, there remains a significant gap between popular perception and reality when it comes to the information leakage issue. He emphasises that the internet is becoming ubiquitous for communications, and the risks for data to leak out of a corporate network go far beyond portable devices to any system that has internet access. "The by-now firmly entrenched image of the information thief with memory stick in hand provides a very small glimpse of the overall picture," says Murtagh.

Whether unintentional, intentional or malicious in nature, the ramifications of information leaks can be significant. According to the Ponemon Institute, the average cost per customer record lost is approximately $182. These costs are broken out into direct, indirect, and opportunity costs. Sources estimate the total aggregate cost of a breach to average $5 million. Crucially, those who regard data protection as soft law will continue to be surprised.

With the background of the Spanish data protection authority imposing swinging fines and the French CNIL using its new powers to levy a $62,000 fine on Credit Lyonnais, the UK'S Financial Services Authority (FSA) has penalised building society Nationwide more than $2 million following the theft of a laptop containing customer data from an employee's home. By its very nature an effective risk mitigation strategy can be a huge cost saver - albeit one that works silently and unnoticed in the background, bringing benefits that are not so clearly evident when things are going well.

As multinationals pour into GCC states such as Qatar and Dubai, more CIOs are having to face up to the challenge of how to protect company secrets in an unfamiliar environment where differences in working culture, language, regulation and available company resources make the task wholly different from what they are accustomed to back at HQ.

However, multinationals are not the only organisations focused on information leakage prevention (ILP). The GCC expects to invest more than $1 trillion in pursuit of economic diversification. While Plan Abu Dhabi 2030 has just been announced, it is estimated that development projects will total $400 billion. The emirate is positioning itself as a manufacturing hub, with plans underway for aerospace components and shipbuilding ventures.

Print | Email | Discuss this article |

READERS' COMMENTS

View all comments (0)

Have your say

Click here to post a comment

Add your Comment All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic.
Name *
Remember me on this computer
Email *	(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments
Security Code *
Please click post only once - your comment will not be published immediately.

MORE FROM ARABIANBUSINESS.COM