Less than 35 percent of respondents said they have an accurate inventory of employee and customer personal data, and only 31 percent reported they had an accurate accounting of locations and jurisdictions of stored data.
The report also stated that 88 percent of consumers use a personal mobile device for both personal and work purposes, yet only 45 percent of companies have a security strategy to address personal devices in the workplace.
Ross Brewer, vice president and managing director of international markets at LogRhythm, made the following comments:
It amazes me that so many organisations still overlook the importance of something as simple as keeping tabs on their data.
Unfortunately, when it comes to Big Data, many organisations also neglect the fact that rather than being a hindrance, Big Data analytics can actually offer invaluable intelligence which will help them greatly improve their IT security.
Furthermore, organisations dealing with the growing BYOD phenomenon or other causes of data increases can get so distracted by security tools – or lack thereof – that they underestimate the value of the information already held within their internal IT systems. As a result, this data is all too often ignored, processed in an inefficient manner or used solely for reactive, forensic purposes.
Organisations must realise that the only way to ensure that cyber threats or other network issues can be effectively identified is to have a 360 degree visibility into every piece of data being generated by IT systems.
And in today’s climate of growing, disparate IT estates, the need for a proactive, continuous and granular view of all activity has never been more important. This helps organisations identify, isolate and remediate any issues as soon as they occur – making it essential to have centralised systems in place that can collect and analyse and most importantly of all, add context to all IT data as and when it is generated. So, rather than shy away from the task of Big Data analytics, organisations should first understand the security benefits that this intelligence can provide and then acknowledge that automation is the only way to effectively navigate the data labyrinth and truly secure their IT networks.
The report also revealed that despite an increase in the number of respondents reporting 50 or more security incidents, fewer than half (45 percent) expect an increase in their budgets in the next 12 months.
The PWC report also highlights another inherent issue in the motivations driving the decisions behind IT security strategy – the fact that budgets do not increase even though security incidents do. LogRhythm’s own research shows that 52 percent of UK businesses have not seen the proportion of IT budget spend on security increase in the last five years, and 77 percent stated that the implementation of data breach penalties, such as the EC’s proposed two percent of an organisation’s global turnover, would motivate them to increase the spending on IT security. This compliance-driven attitude towards IT security must stop if organisations want to ensure they protect the data that they are entrusted with.