Survey finds database security lacking
IT decision makers labour under misconception that sensitive data is secure, but levels of database security and regulatory compliance tell a different story.


A survey released today claims IT decision makers are fooling themselves that their organisation's sensitive data is secure.
Nearly 84 per cent of 179 IT decision makers in large (1,000 employees or more), global enterprises believe that all or most of their confidential data is protected.
But the database security controls research report produced by database security vendor Application Security, in conjunction with analyst firm Enterprise Strategy Group, said this perception around data security was disconnected from reality.
This is because the same respondents noted they failed major enterprise-wide and industry-specific security audits more than 33 per cent of the time, including those to become compliant with the likes of Sarbanes-Oxley (SOX), Basel II and the Payment Card Industry Data Security Standard (PCI DSS).
When questioned about where most of their organisational data resided, just over 55 per cent stated that customer and employee information was housed on databases as opposed to file servers, desktops or email systems.
But 63 per cent of respondents claimed that their organisation's database security depended upon manual processes alone, meaning they're always one step behind attackers, according to Tom Bain, Application Security's director of communications.
"Businesses are being reactionary in their attitudes to data security and not mapping security and compliance requirements closely enough onto their business goals," he said.
"Those automating key processes around database access and privileged activity monitoring are already ahead of the game, especially when criminals will target confidential data more in this global economic downturn."
A reliance on manual controls belied the fact that nearly 75 per cent of those surveyed also believed the number of database-focused attacks would increase in 2009, with the majority of respondents stating that insider threats are the most likely.
"These are global enterprises with massive IT organisations and thousands of database applications. All it takes is one insecure application or one unpatched server for a breach," added Bain, in response to the research finding that over 60 per cent of those surveyed admitted they had suffered at least one data breach in the past 12 months already.
Bain concluded: "The survey proves that it's not just about technology, but about taking pre-emptive action and making sure companies have the right people, policies and processes in place too."
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.