Feeds

UK data losses keep growing

Government and private sector still failing basic tests

SANS - Survey on application security programs

A Freedom of Information request by infrastructure specialist Software AG reveals that more companies and government departments than ever are reporting data losses to the Information Commissioner's Office.

There were 356 self-reported data losses this year - between November 2008 and September 2009. This compares to 190 incidents between October 2007 and November 2008.

The biggest cause of loss, 127 incidents, were due to stolen hardware, usually laptops. Another 71 were blamed on lost hardware, typically memory sticks and 78 due to data disclosed in error - misaddressed discs or memory sticks - both of which could be easily avoided by using basic encryption and secure online delivery. Some 24 data loss incidents were blamed on couriers or the postal service.

Unsurprisingly Software AG does not think this is an indication of the success of the ICO's voluntary scheme which asks CIOs to report data losses. Rather it suggests that companies and other organisations are still failing to put in place simple technologies and procedures to stop such losses.

The last figures released by the ICO itself, in October 2008, showed 277 incidents since Her Majesty's Revenue and Customs lost the child benefit database a year earlier. 80 of those incidents came from the private sector, and the rest from various government departments, local authorities and health authorities.

Tim Holyoake, lead technologist at Software AG, said the problem should be declining not getting worse. He said: "Organisations are failing to learn from previous examples. Few data losses have occurred where organisations have invested in secure, electronic data transfer technologies. This begs the question, why aren’t CIOs insisting on greater use of these solutions?"

Maybe the postal strike will get people using secure, electronic data transfer. ®

SANS - Survey on application security programs

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.