This interview appears as a lead-up to our CIO Summit 2012 in Malaysia on September 6, 2012. Sophos will be represented at the Thought Leader session entitled Data Privacy: The Controversy Behind Securing Your Sensitive Information. Sumit Bansal, Director for ASEAN at Sophos, here tells us about the threats and risks facing organisations in our part of the world and prescribes key strategies for negating and mitigating those threats and risks.
At present, what are the greatest data security threats to organisations in ASEAN?
Sumit Bansal: As organisations enter the post-PC era, four threats have emerged to challenge data security. They are BYOD (Bring Your Own Device), mobile devices, cloud storage and social networks.
In the post-PC era, organisations have entered a new stage of technology that offers end users far greater independence and convenience for accessing data than the PC alone.
BYOD: It's risky to assume that prohibiting personal devices solves the problem, because employees end up using their own devices anyway, unmonitored and undeterred by corporate security policies.
IT managers should treat BYOD the same way as any introduction of new technology, that is, with a controlled and predictable deployment. All organisations have the flexibility, based on their corporate culture and regulatory requirements, to embrace BYOD as much as they deem reasonable. There are also organisations that have decided the risk is too great and choose not to implement a BYOD programme.
The first and best defense in securing BYODs begins with the same requirements applied to devices that are already on the network. These security measures include:
- Enforcing strong passcodes on all devices.
- Antivirus protection and data loss prevention (DLP).
- Full-disk encryption for disk, removable media and cloud storage.
- Mobile device management (MDM) to wipe sensitive data when devices are lost or stolen.
- Application control.
Mobile Devices: Whether they are company-owned or employee-owned, mobile devices introduce a threat to data security. These devices act like portable computers, and that means organisations should think about protecting them as much as they would their PCs. They need a plan for locking down data stored on the devices and keeping the devices secure.
According to the Ponemon Institute's 2012 Annual U.S. Cost of a Data Breach study, the average cost of a data breach is US$194 per lost or stolen record with an average cost of a data breach of US$5.5 million. Data breaches caused by malicious attacks increased from 31 per cent in 2010 to 37 per cent in 2011, and mobile device theft was responsible for 28 per cent of malicious breaches.
Cloud Storage: The popularity of cloud storage is on the rise. Today's most popular services have more than 50 million users combined. But all that perceived convenience often comes at a price. Attacks tend to follow technologies as they become popular.