A new report suggests that the onset of big data is making companies increasingly vulnerable to competitors and attackers as they generate, collect and analyse more information.
The Economist Intelligence Unit study – Information risk: Managing digital assets in a new technology landscape – released last week – found that the introduction of new technologies like cloud computing, big data and bring your own device (BYOD) is resulting in companies having to protect larger quantities of data.
Steve Durbin, the global vice president of the Information Security Forum, said: “We no longer control a network perimeter over which we can throw a safe blanket and say that everything within the network is now safe and contained.
“We operate now in a completely cyber-enabled environment: we are always on, we are always connected, and we are highly mobile.”
The report, which surveyed 341 senior business leaders, also illustrated that common risks are often down to employees being careless and at times uneducated. For example, losing a company laptop can later lead to information theft for financial gains.
Certain companies, such as parcel delivery service FedEx, are aiming to educate staff on how best to protect corporate information. Indeed, FedEx now allows employees to take an “InfoSec 101” course and “enterprise security awareness programme”.
“A key strategy of the overall programme is educating employees on current threats and providing practical security tips they can apply both at work and home,” said Denise Wood, the chief information security officer (CISO) at FedEx.
FedEx is also aiming to educate staff through e-newsletters, targeted awareness campaigns, “road show cyber-security sessions” and an annual cyber-security conference at the firm’s headquarters’.
Meanwhile, Stefan Fenz, a researcher at Vienna University of Technology, recommends testing personnel at random.
He suggests the tests could range from sending fake e-mails and making fake telephone calls to external actors turning up at offices with a fake story and dressed in disguise.
However, the majority of firms believe there is only so much they can do when it comes to protecting data, with 62 percent of respondents arguing that government and regulators need to take a greater lead in information risk management, and in particular, knowledge sharing between companies about cyber-attacks.
The UK government has set up a £650 million National Cyber Security Programme that aims to enhance unity of action against cyberthreats across government, the private sector, individuals and international entities.