Firms neglect mobile data security

Firms are not doing enough to protect against data losses from hardware theft, the latest Internet Security Threat Report from Symantec will reveal today.

The report found that 54 percent of all data breaches that could facilitate identity theft were the result of the loss or theft of computers or data storage devices, while 28 percent could be put down to failures to implement security policies.

"We predicted this in the last report but now the criminals are very aggressively going after this data," explained Symantec's Ollie Whitehouse. "We try to educate our clients about the importance of full hard disk encryption on devices but obviously this is not happening in a large number of situations."

A new survey from CA last week reinforced the findings, reporting that two-thirds of IT managers cite the "loss of business-critical data" and "downtime of key IT systems" as the greatest risks they face in IT planning.

Andrew Kellett of analyst Butler Group said that encryption was still at a fairly early adopters stage. "You need two levels of control; you should encrypt if you're [taking the data] outside the organisation, and you need systems in place to align what people do with the policies of the organisation," he added.

But chief executive of anti-spyware vendor Webroot, Peter Watkins, argued that the data extrusion technology which can recognise individual roles and whether they are authorised to send certain pieces of data, is still a couple of years away from maturity.

"It might be top of the CSO's list but it's yet to find widespread support because their budgets are still dominated by the day-to-day stuff," he added.

The Symantec report also found an 11 percent surge in bot net activity. These networks in turn help to perpetuate spam, host phishing sites and launch further attacks, including the installation of keyloggers on users' PCs which can mine and export sensitive information.

"The increase in bots is pretty substantial when you think that users' personal security is increasing through education and better technology," said Whitehouse.

Butler Group's Kellett added that large online retailers, banks and service providers will play an increasingly large role in ensuring their customers' PCs are protected. "We're starting to see the [security] infrastructure which supported enterprises becoming more commonly available now to home users," he explained.

Data loss was also highlighted by respondents of a new McAfee survey released today as a major cause of compliance problems.

The research found that only of half compliance professionals are confident in their existing data loss prevention measures, while 84 percent said that complying with the Data Protection Act was their number one compliance concern.

"Ultimately it comes down to controlling risks," said McAfee CSO Martin Carmichael. "Organisations need to ask what are the risk-benefits, and how do I put in place repeatable processes to the solve compliance problem and the security problem."