Think your organization’s sensitive data is secure? According to a new study, you may want to reconsider. The Data Breaches and Sensitive Data Risks report, published by the Ponemon Institute in partnership with Scale Venture Partners and Informatica, surveyed 432 IT security practitioners to find out what data security concerns are top-of-mind and the approaches they’re taking to address these challenges. The findings might surprise you.
The report found that although a majority of security professionals cite data breaches as their top concern, many aren’t equipped to protect their organization’s sensitive and confidential data. While many security practitioners simply lack the tools to gain insights on the location and risk of sensitive data, others admit that their existing security solutions are ineffective or don’t protect against negligent or malicious user behavior. What’s more, security isn’t prioritized by business leaders — in part because security teams often don’t have defined metrics to illustrate the business impact of their programs — making it difficult for security practitioners to obtain the resources needed to protect their organizations’ data.
In this slideshow, Ariel Tseitlin of Scale Venture Partners highlights the top data security concerns keeping IT security practitioners up at night.
Top Data Security Concerns
Uncertainty over Location and Risk of Data
The two most significant security challenges facing IT security practitioners are: 1) not knowing the location of sensitive data and 2) not understanding the risk of compromise associated with that data. According to the study, 62 percent of respondents are concerned over lack of visibility into where their organization’s sensitive or confidential data resides. Similarly, only 12 percent of respondents understand the risk of structured data contained in databases, and very few respondents have insight into the risk to unstructured data contained in emails or files (8 percent), data located in the cloud (7 percent) and big data used for analytics (5 percent).
The Rise of Data Breaches
When asked to name the one IT security risk that gives them the biggest headache, respondents most often cited a data breach. What’s more, 65 percent of surveyed security professionals reported that the risk of a breach of sensitive or confidential information is increasing. While this finding may not be surprising, it is disconcerting given that these same respondents report uncertainty over the location and risk of their organization’s sensitive data, leaving them unable to protect that data, and therefore more vulnerable to a data breach.
Existing Tools Are Often Ineffective
Slightly more than half of respondents say they use an automated solution to help them discover sensitive data and assess its risk. However, of the security practitioners using these automated solutions, 49 percent admit they don’t actually know what is being tracked. The biggest discrepancies between the user activities actually being tracked and those that should be tracked are privileged user access, cross-border transfers, high-volume access and new proliferation of data.
Commercial Solutions Don’t Address Behavioral Risks
According to respondents, existing commercial solutions do not address risks associated with behavior. Sixty-eight percent of surveyed security practitioners report building an in-house solution to prevent employee or user negligence because there were no viable alternatives on the market. Similarly, 66 percent say they had to build their own solution to prevent malicious insiders from accessing their organization’s sensitive or confidential data.
Business Execs Don’t Prioritize Security
The report also found that despite concerns over keeping sensitive information safe from potential data breaches, securing that data is not a high priority for many organizations. Over half of respondents either are unsure whether or disagree that their organizations believe in the importance of protecting data. Part of the problem, the survey revealed, is a lack of awareness: only 34 percent of respondents have defined metrics to communicate the business impact of their security programs to colleagues and business leaders.
The report also sheds light on the next wave of challenges that IT security practitioners anticipate will most impact their decision-making three to five years from now. According to respondents, the top three trends posing the biggest security concerns are consumerization of IT and/or shadow IT (45 percent), mobility (40 percent), and increased stealth and sophistication of attackers (34 percent).