July 10, 2012, 10:36 PM — To expect data security to be perfect is not realistic. Inevitably, mistakes will happen and data will be lost. But such a realistic view does not mean glossing over those mistakes. If anything, realism compels us to take ever more vigilant measures to ensure that our customer, operational, and intellectual property data is safe.
But if recent research tells us anything, many organizations do not take a realistic enough view of the importance of their data to invest in the systems and processes that protect it. They must live in a fantasy world where guarding data is not that important.
Take the 2012 Global State of Information Security Survey from PricewaterhouseCoopers. PwC's 14th survey shows that 72% of those polled are confident in their efforts to protect data. However, the same executives surveyed admit there has been a steady decline over the past three years in the knowledge of where data is, as well as in the number of companies using ID management, among other deficiencies. PwC calls it a "troubling degradation in core security capabilities." For example, only 41% in the survey have an identity management strategy and, worse, a mere 29% have an accurate inventory of where their data resides, down from 39% in 2009.
This lackadaisical attitude toward data security probably contributed to the frightening results from Verizon's annual Data Breach Investigations Report. The 2012 report revealed "the second highest data loss total since we started keeping track in 2004."
The raw numbers are disturbing. The 855 data breach incidents in 2011 resulted in 174 million stolen records. But the truly scary aspect of these breaches is that, according to those who reported on them, 97% could have been prevented through "simple or intermediate controls." In other words, had organizations taken even rudimentary security precautions, the number of incidents and records lost would have been a mere handful.