• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Organizations Unable to Block Sensitive Data Sent By Their Employees According to Survey By Palisade Systems and Dr. Doug Jacobson of Iowa State University

Posted on: Monday, 7 August 2006, 12:00 CDT

AMES, Iowa, Aug. 7 /PRNewswire/ -- Palisade Systems, a leading provider of content and network security appliances, announced today a national study that surveyed 171 organizations in the government, university and commercial sectors concerning internal threats to their customers' sensitive data as well as their own proprietary information. The purpose of the survey, one of the first of its kind to address all network communication risks employees or trusted insiders could pose within an organization, was to determine how significant internal threats such as employees and trusted insiders are to sensitive data an organization is storing, sending and/or accessing. Furthermore, the survey went on to determine what, if any, technology the organizations were using to not only monitor all outbound network communication, but block any communication that contains sensitive data. The survey discovered that none, 0%, of organizations surveyed, are utilizing any technology to block network communications that contain sensitive data.

As a security solutions provider, Palisade Systems has always been aware of potential threats posed by internal users (employees and contractors) on a network who are accessing, storing, and/or sending sensitive data. In a study that analyzed how organizations protect customer's sensitive data, Palisade found that the vast majority of companies can monitor, but not block, sensitive content flowing out of the network by e-mail, Instant Messaging, Web Mail, or other applications that communicate outside the network.

Breakdown of survey participants Number of Network Users Response Percent Response Total 1 - 100 12.3% 21 101 - 500 14.6% 25 501 - 1000 13.5% 23 1,001 - 5,000 26.9% 46 5001 - 10,000 9.9% 17 Above 10,000 22.8% 39

The organizations that participated in the study represent a cross section of American companies, universities, and government institutions/agencies. Some findings from the study include:

* 78% of the organizations surveyed store, send, or access consumers' personally identifiable information or proprietary data. * 84% of the organizations surveyed were required by law or industry regulations to protect client records and information. * Of the total of organizations that stored, send, or access private information: --83% store, send, or access addresses and phone numbers --67% store, send, or access Social Security Numbers --36% store, send, or access bank account information --30% store, send, or access credit card numbers

A substantial majority (76%) of network security professionals questioned by the survey felt that internal threats posed an equal or a greater danger to their organization compared to external threats. Lately, many security and liability issues have been reported in the news concerning employees who accidentally misused sensitive data such as social security numbers, bank account information, credit card numbers, intellectual property, etc.

The study also found that the solutions being employed were not adequate to the task of monitoring and stopping the leak of sensitive data by all the protocols and applications that can be used by an employee to share data outside the network.

* Only 64% of the organizations surveyed have some type of tool to monitor communications for data leaks. * Only 30% indicated they monitor content flowing out of their network by e-mail. * Only 16% indicated they monitor content flowing out of their network by Instant Messaging. * Only 13% indicated they monitor content flowing out of their network by Web Mail. * Excluding email, only a small percentage of organizations today can block sensitive data that could be sent by an employee over the other hundred plus communication protocols an organization might provide on their network.

Only when organizations begin deploying content monitoring and filtering (a.k.a. data loss prevention) products, which are only produced by a handful of vendors including Palisade Systems, will organizations be able to finally suppress sensitive data from being leaked out via all network communication protocols, including email. Until organizations make the investment in new content monitoring and filtering technology, we will continue to hear more news stories about consumers' sensitive data and organizations' proprietary data (i.e. theft of Coca-Cola's secret recipe by employees) falling into the wrong hands.

About Palisade Systems, Inc.

Founded in 1996, Palisade Systems, Inc., is a leading provider of enterprise content security and data protection solutions with over 500 customers across North America and Europe. Palisade security appliances help organizations proactively secure intellectual property and private client information from leaking outside the network, define and enforce access to internal network resources, and enforce compliance with federal privacy and industry security regulations. Palisade Systems customers include prominent clients in healthcare, financial services, insurance industries, along with universities and school districts. For more information, please visit http://www.palisadesys.com/ or contact Palisade's sales department at 1.888.824.0720.

Palisade Systems, Inc.

CONTACT: David Splivalo of Freestyle Public Relations, +1-515-223-4343,david@freestylepr.com, for Palisade Systems, Inc.

Web site: http://www.palisadesys.com/

Source: PRNewswire

More News in this Category