Staying secure in a wireless world
With the average cost of a data breach soaring by 13 per cent last year, it has never been more important to protect electronic data
According to a 2010 study by information management specialist the Ponemon Institute, the average cost of a data breach for a UK organisation topped £1.9 million in 2010.
That represented an increase of 13 per cent on the previous year and worked out at the equivalent of a £71 loss per record.
Incidents logged by the institute during 2010 compromised between 6,900 and 72,000 individual records, with the single most expensive data breach costing £6.2 million - £2.3 million higher than 2009’s worst case.
Hostile attacks remained the biggest threat to public and private sector organisations, accounting for 29 per cent of all data breaches, up from 22 per cent the year before.
Worryingly in these austere times, this type of breach was also the most expensive, averaging a loss of £80 per record.
The Ponemon Institute attributed part of the growth in data theft to the proliferation of mobile devices such as smartphones and tablet computers that contain confidential records or access them via insecure internet connections.
Its survey found that 84 per cent of UK organisations allowed employees to view data this way, up nine per cent on 2009.
However, there was also a growing appreciation of the security risk this poses, with 64 per cent of organisations stating that encryption is either important or very important for tablets and smartphones, up 13 per cent from the year before.
Paul Vissidis, group technical director at security and software testing specialist NCC Group, says tablet computers pose a particular risk because they tend be used by senior figures with access to potentially sensitive information.
He adds that the situation is similar to five or so years ago, when there were cases of laptops being lost or stolen and it being “trivially easy” to access the data they contained.
Vissidis says organisations invested a lot in getting the right encryption technology to protect their records, but the advent of gadgets like the iPad mean “we find ourselves very much back where we started”.
“The most senior people in an organisation are often sharing very sensitive information - and it’s currently being done in a very insecure way,” he adds.
“We’ve recently demonstrated that it takes about five minutes to bypass the security on an iPad, even if you’ve set yourself the biggest password known to man, and then access the data on the device.
“A lot of people would say, ‘Well, I don’t really keep any data on my iPad’. No, you may not, but you have your email on there and what’s more interesting to hackers is the fact that your email password and credentials are on there and that will probably get them much more interesting stuff.
“What makes it even worse is that often these devices are being used in hotel lobbies with free wireless networks. It’s a trivial matter for anyone who is interested to pick up any traffic that’s on those wireless networks and decrypt it.”
Unfortunately, Vassidis explains, there is no “magic silver bullet” that will solve the data security issues associated with tablet computers and smartphones and people must employ some “commonsense security”.
“Be careful how, what for and where you use your iPad,” he says.
“Try and never use the iPad - or other tablet - in a Wi-Fi network.”
Information security firm Symantec, which sponsored the Ponemon Institute study, has offered five best practice security tips for all organisations to implement, regardless of whether or not they have suffered a data breach.
1. Assess risk by identifying and classifying confidential information.
2. Educate employees about policies and procedures for protecting records and hold them accountable.
3. Deploy data loss prevention technologies to support policy compliance and enforcement.
4. Proactively encrypt devices such as laptops and tablets to minimise the impact of one being lost or stolen.
5. Integrate information protection practices into everyday procedures.
