RealTime IT News

Survey Finds Data Breaches Hit Most Enterprises

Despite the growing number of data breaches reported by U.S. businesses, corporate database security is still not up to scratch.

Sixty-seven percent of the 179 companies surveyed by Enterprise Strategy Group said they had suffered one or more confidential data breaches within the past 12 months.

Yet many appear satisfied with their security precautions, ESG found.

All of the survey's respondents, who are responsible for database security at companies with between 1,000 and more than 20,000 employees, continue to believe at least some of their confidential data is adequately protected.

"We were shocked that more than 60 percent of respondents suffered a data breach in the past year," Tom Bain, director of communications and marketing at database security solutions vendor Application Security, which sponsored the survey, told InternetNews.com.

Half the respondents said internal breaches were directly responsible for the loss of confidential data, while 19 percent blamed external attacks and 11 percent blamed a combination of the two. Another 14 percent said data loss came as a result of losing a device containing confidential data.

Despite the grim numbers, the survey found that 81 percent of the respondents said their senior management is satisfied with their company's current database security controls, while 79 percent said their auditors were satisfied with these controls.

On the other hand, 38 percent also admitted that their organization had failed a security or compliance audit within the past two to three years.

Of those whose companies had failed an audit, the largest number, 48 percent, failed general internal security and IT audits. Payment-card industry audit failures -- concerning data protection around credit cards, debit cards and other forms of payment -- came next at 42 percent.

Still, the problem may at least get better attention in the future. The survey found that 76 percent of the respondents ranked improving database security as high or the top priority, although 20 percent said it was one of many competing security priorities.

But there may also be reason for concern, as well: The current economic recession poses a high threat to database security, Bain said.

"If a database administrator is laid off because of downsizing, he could easily go in while he has access and pull down database instances," he said. "You have to proactively monitor your databases to make sure this doesn't happen."

Know thy systems

"The biggest issues are who has access to the database and why, and who has what access," Bain said. "And you need to make sure who owns the job of securing the databases."

Companies vary on who oversees securing databases, Bain said. He recommends that enterprises take a multi-faceted approach to securing their systems -- incorporating a number of different stakeholders.

"You need to have database guys, security guys, IT guys and senior management involved," he said.