Computerworld UK reports on new research from Forrester concerning data security breaches at companies:
Most data breaches are caused by mundane events such as employees losing, having stolen or simply unwittingly misusing corporate assets, a Forrester Research report has found.
After questioning over 7,000 IT executives and ordinary employees across North America and Europe, 31 percent cited simple loss or theft as the explanation for data breaches they had experienced, ahead of inadvertent misuse by an employee on 27 percent.
External attack was mentioned in 25 percent of cases with abuse by malicious insiders on 12 percent. The same selection of causes was cited at much lower levels for business partners. […]
Predictably, the arrival of mobile devices and the consumerisation of IT hasn’t helped matters.
Most organisations formulate policies for securing mobile devices but, paradoxically, lack enough tools to enforce them.
Thirty-nine percent worried about a lack of data leak prevention on mobile devices, with half concerned about the consequences of old-fashioned theft. Thirty percent thought there wasn’t sufficient separation between consumer and corporate data on mobile devices.
The commonest form of mobile device security is password entry plus remote lock and wipe with almost a quarter admitting they haven’t started using any form of data protection at all. […]
When data is breached, personal (employee and customer) data accounted for 22 percent of cases reported, with IP not far behind with 19 percent and user credentials such as logins in 11 percent.