Data breaches, compliance drive intellectual property protection

By Robert Westervelt, News Editor 10 Jul 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Companies are bracing themselves for the next data breach, implementing technology and processes to protect intellectual property (IP) and other sensitive information in the wake of high profile data breaches.

The CEO is now reading about this stuff and is willing to fund initiatives to better protect data. Jon Olstik, analyst, Enterprise Strategy Group

Compliance is also driving adoption of data protection technologies, according to two studies conducted by the Milford, Mass.-based Enterprise Strategy Group (ESG).

The study on data leakage prevention found that more than one-third of organizations not using data loss prevention technology had information stolen from their databases within the last 12 months and that 30% of those data breaches impacted bottom-line revenues.

"The CEO is now reading about this stuff and is willing to fund initiatives to better protect data," said Jon Olstik, an ESG analyst.

Two research reports, "Intellectual Property and Security, the Elephant in the Room" and "The Case for Data Leakage Prevention,"concluded that enterprises need to improve the processes that define their intellectual property and put data leakage technologies in place to avoid a high profile data breach.

One area in need of improvement, according to the intellectual property study, is in the way data is classified by companies as intellectual property. One-third of the respondents said that they are ramping up attempts to protect their IP as a reaction to the high profile security breaches that have occurred in the last year.

Data security: Who's Had a Taste of Your Intellectual Property?: Here are the key ingredients to protecting your secret sauce. Hacker techniques use Google to unearth sensitive data: Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. PCI DSS auditors see lessons in TJX data breach: Following the recent TJX data breach, several PCI Data Security Standard auditors say the retailer violated basic requirements of the PCI DSS. But they say there are lessons to be learned from TJX's mistakes. Quiz: Preventing data leakage: A six-question multiple-choice quiz to test your understanding of the content presented by expert Richard Bejtlich in this lesson of SearchSecurity.com's Data Protection Security School.

In many cases defining intellectual property is a labor intensive and manual process, Olstik said. Many firms are conducting manual scans of file servers -- a process that could take up to 80 hours per quarter on IP discovery. It's so time consuming that it is becoming very costly, Olstik said.

The IP study found that 74% of respondents say their organization will spend more to secure electronic forms of intellectual property in 2007 than they did in 2006. While many organizations have a centralized process to classify information as intellectual property, more than 25% of respondents said their process needs improvement.

"Defining what is IP and what isn't IP is being done reactively and randomly in some cases," Olstik said. "A lot of enterprises lack a centralized process and many have inconsistencies and redundancies resulting in costs that aren't needed."

While high profile data breaches are a driver toward more spending to protect sensitive data, compliance and government regulations are also driving spending. The study found that 72% of respondents found government regulations and compliance the biggest motivators for protecting confidential data.

Connectivity between enterprises, their customers and their business partners also play factor in driving intellectual property concerns, Olstik said. Attackers are also getting more sophisticated and the threat from insiders is also raising concern about data protection, he said.

"Most people have to begin with a full risk assessment to discover what the risks are and develop a strategy to prevent data leakage," Olstik said. "Now it is clear that you have to spend money to protect yourself, because the cost of a breach is higher than the cost of the solution."

Tags: Identity Theft and Data Security Breaches,  Security Industry Market Trends, Predictions and Forecasts,  PCI Data Security Standard,  FISMA,  Enterprise Risk Management: Metrics and Assessments,  Business Management: Security Support and Executive Communications,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Theft and Data Security Breaches Researchers predict SSNs, crack algorithm putting identities at risk TJX to pay $9.75 million for data breach investigations Man pleads guilty in online banking hacking scam White House cybersecurity czar faces major hurdles Heartland breach cost $12.6 million, CEO says An inside look at security log management forensics investigations LexisNexis investigates breach, notifies thousands Senators hear call for federal cybersecurity restructuring Former Federal Reserve Bank employee arrested Attackers cash in on fundamental data handling mistakes, Verizon finds Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research PCI Data Security Standard PCI group releases wireless security guide PCI management: The case for Web application firewalls MasterCard increases PCI compliance requirements for some merchants PCI compliance requirement 1: Firewalls PCI compliance requirement 2: Defaults PCI compliance requirement 5: Antivirus PCI compliance requirement 4: Encrypt transmissions PCI compliance requirement 3: Protect data PCI compliance requirement 6: Systems and applications PCI compliance requirement 8: Unique IDs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) CISP-PCI  (SearchFinancialSecurity.com) cookie poisoning  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) extrusion prevention  (SearchSecurity.com) identity theft  (SearchSecurity.com) parameter tampering  (SearchSecurity.com) pretexting  (SearchCIO.com) Rock Phish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary