“The first thing companies have to do to protect their information is to detect the five percent of vital data that is truly worthy of protection at all costs.” This was the core idea of the keynote address that Mr. Michael George, industrial espionage expert, Bavarian Department of the Interior stated during 1:0 for Your IT Security, SECUDE’s popular security forum that was hosted recently in the former 2006 WM stadiums at Frankfurt, Hannover, and Munich.

Talking on data security and loss prevention, Mr. George elucidated that espionage activities can not only be organized by other competing companies, but also from governmental organizations such as secret services. He also mentioned that some countries support their national economies by permitting their secret services to spy on companies of other countries and thus, glean important data to boost their own economy. Such activities are done not only by countries we always suspect, but also by ‘friendly’ countries.

Data theft by greedy or disgruntled employees is a growing concern. However, it is only a symptom of a larger problem.

Insider threat also poses a great challenge. Senior IT security consultant Mr. Gregory Guglielmetti believes that data theft by greedy or disgruntled employees is a growing concern. However, it is only a symptom of a larger problem.

“For the last two decades we have increasingly digitalized all sorts of information, from intellectual property to client details. Quick access and reproduction of this information has increased productivity, but exposed companies to risks of noncompliance and IP theft. Accessibility to information has been fueled largely by technological innovation. This happened so fast that few have taken the time to think about the consequences in terms of IP and data security,” states Mr Guglielmetti.

“On top of this general trend we can recognize additional difficulties in protecting information. IT architectures have grown large, heterogeneous, and complex. It is increasingly difficult to answer even simple questions. Which systems manage customer data? Are backups encrypted? How do we securely dispose of non-necessary copies of data, for example, after a migration project?”

“In such chaotic conditions it is easy today for an employee to walk out of a company with critical information without leaving traces behind. Data Leakage Prevention (DLP) tries to address these problems from a preventive and detective aspect, by controlling access to critical information and keeping traces, for example, if the data was copied. DLP can support information protection initiatives.”

Unfortunately, surveys on current trends do not reveal a good picture. As per a recent survey report on pr-inside.com, over half of the respondents (52%) admitted to carrying important company data on USB sticks without encrypting them. In fact, 11% of the respondents just protected their devices with passwords alone. An article on zdnetasia.com states that “despite the wide availability of security tools and advice on safe online usage, incidents of data theft and hacking attacks still make the headlines on a regular basis.”

So how can a company protect its data from threats? Mr. Guglielmetti affirms that achieving a good level of information protection will require a combination of organizational and ethical initiatives, simplified IT architectures and management attention. Highly targeted organizations such as banks and other financial institutions often identify and single out specific security risks and take isolated measures without looking at the overall long-term risk management strategy. Tactical measures such as guards, gadgets, and security software are prudent, but without a holistic approach, companies remain at risk.

Companies should not only protect themselves from threats that directly approach from the center, but should also be aware of threats from the flanks. A holistic approach ensures the organization’s long-term needs and helps develop a comprehensive strategy to deal with risks over the next five years and beyond.

It’s 1:0 for IT security!

For expert advice on how to protect your data and to read free IT-security whitepapers, please go to www.secude.com.