Eight Ways to Prevent Data Breaches
Perimeter CTO Kevin Prince has kindly offered up several tips for preventing a data breach.
Has your company suffered a data breach recently? If so, chances are pretty good it was because of someone inside your company.
The Ponemon Institute and Symantec joined forces to produce the 2011 Cost of Data Breach Study: United States. The report found that negligent insiders are the top cause of data breaches. Thirty-nine percent of organizations say negligence was the root cause of the data breaches.
The best way to combat these insider-caused breaches? Hire a chief information security officer (CISO) who has enterprise-wide responsibility for data protection. According to the report, having a CISO on staff can reduce the average cost of a data breach by as much as $80 per compromised record. Bringing in a third-party security consultant isn't quite as good, but it is helpful. The report found that outside consultants assisting with the breach response also can save as much as $41 per record.
In a release, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said:
One of the most interesting findings of the 2011 report was the correlation between an organization having a CISO on its executive team and reduced costs of a data breach. As organizations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.
Of course, the report discussed other important things about data breaches in the United States, such as the fact that the cost of data breaches has dropped, as Information Week pointed out:
The average cost of a breach declined by 24%, from $7.2 million in 2010 to $5.5 million in 2011.
Also, customers seem to be more aware that breaches are pretty much a fact of life these days and are staying loyal to the brand, rather than abandoning a company after a breach. That's in part due to the steps companies are taking to repair damage to their reputation, but I would think, too, it is because more of us either have worked for a company that has suffered a breach or simply have greater awareness of them.
Still, the statistics of having a CISO really jumped out at me. Having someone around who can coordinate security policy and enforcement is going to cut down on the number of breaches caused by negligent employees. If nothing else, those with security questions will finally have a "go-to" guy for an answer.