Don’t Breach Your Customers’ Trust

11 February 2013 / iReady

The New Zealand Privacy Commissioner’s Annual Report called 2012 “The Year of the Data Breach”. So what will you and your organisation do in 2013? Will you be a statistic, or will your organisation protect its customers, brand and reputation?

In the 2011 financial year, the Office of the Australian Information Commissioner was notified of 56 data breaches. This figure has increased by 27% from the previous financial year. The Australian Privacy Commissioner also opened a further 59 investigations where he wasn’t notified of the incident. This means that on average, at least twice a week an Australian organisation has its data stolen.

There are costs associated with the theft of any of your organisation’s assets and this includes your data. Detection, notification, rectification and loss of business are all areas that will cost your organisation in the event of a data breach. A benchmark study on the cost of data breaches for Australian-based companies is conducted annually by the Ponemon Institute and sponsored by Symantec. The 2011 report, released in March this year, found that 32% of breaches were due to IT and business process failures. This suggests that organisations need to focus on the processes, policies and technologies that address these threats.

The above table shows the total cost of the data breach per the number of compromised records from a 2011 study by industry classification. Source: 2011 Cost of Data Breach Study: Australia Ponemon Institute LLC (March 2012)

What can your organisation do to proactively protect one of its most valuable assets?

    • Monitor
    • Evaluate and assess
    • Secure and protect
    • Audit

Manually monitoring access to databases, data warehouses and file shares can be a costly and high-risk exercise. Products such as IBM’s InfoSphere Guardium can be used to monitor this activity in real time.

Evaluate where your organisation’s sensitive data exists so that you can focus your data privacy and protection efforts in these areas. InfoReady and IBM’s InfoSphere Optim solution can be leveraged to help you with this analysis. Your organisation is also open to data breach risk created by insecure configurations, missing patches and weak passwords. Ongoing use of InfoSphere Guardium to conduct vulnerability assessments of your database environments will help your organisation assess the strength of these highly dynamic infrastructures.

Protecting and securing your data should be a core part of your risk management plan. This can be achieved in a number of ways.

    • Static and real-time masking of data for use in both production and non-production environments;
    • De-identifying data for use in non-production environments and reporting;
    • Redacting data in documents and forms;
    • Data encryption.

These methods can all be employed to minimise your organisation’s exposure to the undesirable consequences of a data breach. InfoSphere Guardium and InfoSphere Optim are comprehensive products that can be deployed to safeguard data in traditional, virtualised and cloud computing environments.

The number of regulatory requirements around data protection is increasing. Thus the requirement to put mechanisms in place to audit access and changes to sensitive data is becoming more important. In the event of a data breach, consider how your organisation would be able to detect, record and consequently generate a report on any unauthorised access to your customers’ personally identifiable information. What if a privileged user was responsible for the breach? InfoSphere Guardium can maintain a secure, centralised repository containing a fine-grained audit trail of your database infrastructure.

Instead of being a statistic in 2013, retain your customers’ trust and take the steps to protect your organisation’s brand and reputation by protecting your customers’ data.
