Tightening the tap

zoom

“What we do that is quite unique is go back and test against legacy data flow to see whether your policies have the right sort of implications and effects.” Greg Day, principal security analyst, McAfee.

There are many ways data can be manipulated, lost, stolen and maliciously controlled. Julian Pletts finds out what more needs to be done to plug data leaks in Middle Eastern networks.

A single breach or loss of vital corporate information, such as intellectual property, can impact the bottom line, share price and customer confidence virtually overnight.

In the current economic downturn, the demand for illicitly gained intellectual property or other sensitive information will only increase as companies look to strip every possible cost from R&D and speed-up time to market. Network administrators ignore these concluding words from McAfee’s recent Unsecured Economies study at their peril.

It seems on the face of it that there are relatively few incidences of serious data leakage in this region. Talk to anyone however, that deals with the problem and that myth is quickly challenged and even dispelled.

“When we were on our recent roadshow, where we went to every single country in the Middle East, I would say about 70% to 80% of all of the questions were around data leakage,” claimed Rik Ferguson, senior security analyst and solutions architect at security vendor Trend Micro. “Let me say there is a huge interest and I take from that, there it is a huge issue.”

Perhaps if we look a little bit closer we can make out the not-so faint outlines of some serious data leakage incidents that may have taken place in the Middle East in recent times.

“If you remember recently a lot of the banks notified their customers to change their passwords. We don’t know, but the bottom line is it is very difficult for us to identify and track things here because of the lack of disclosure regulations, so we can only draw some various conclusions,” added Ferguson.

He is not alone in this assertion, as another network security expert also made the point that recent prompting by Middle Eastern banks for customers to change their PIN numbers might well have been precipitated by some form of data leakage.

It is not that data leakage doesn’t happen in the Middle East. It does happen, and one way of looking at it is that it’s more likely to happen here as it is, after all, a region that is immature when compared to Europe or the US. It is just that when it does, it is not as widely reported and there are few incentives for companies to hold their hands up.

Greg Day, principal security analyst at McAfee, says there is seemingly a discrepancy between the likelihood of the problem and recorded data leakage events.

“I have seen a couple of small examples, but nothing to the extent that we have seen in other parts of the world. I think there are a couple of simple realties at play here, including the fact legislation isn’t yet as tough as it is in other parts of the world.”

Stronger and more direct disclosure laws, such as those currently in place in North America, if instigated, might well reveal the true extent of the data leakage problem in the Middle East. Interestingly, according to Trend Micro’s Ferguson, these laws have done little to actually reduce the incidences in the US.

Whilst on the surface data leakage might not seem like too much of a problem here, that doesn’t mean network administrators are ignoring the issue. Even in small countries where the risk is somewhat diminished, data leakage prevention (DLP) is still very much in the IT manager’s mind’s eye.

“It is not because the gravity of the situation in Oman is high that we are doing things like ISO: 27001. The gravity is low and we want to make absolutely sure that our organisation is secure enough,” emphasised Dileep Somani, CIO of the Omani-based OTE Group.

IT professionals like Somani are right to be worried about the dangers of data leakage because, from a corporate perspective, the ramifications can be catastrophic.

Print | Email | Discuss this article

| Share |

READERS' COMMENTS

Click here to post a comment

Add your Comment All posts are sent to the administrator for review and are published only after approval. ArabianBusiness.com reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Arabian Business would like to point out that only comments relevant to the story will be published. Any containing personal insults or inappropriate language will not be approved.
Name *
Remember me on this computer
Email *	(Your email address will not be published)
City
Country
Subject *
Comment *
Notify me of further comments
Enter the words above *
Please click post only once - your comment will not be published immediately.

MORE FROM ARABIANBUSINESS.COM