Many “security professionals” are clueless

Jon Oltsik of Enterprise Strategy Group reported on the state of security at large organizations, and the news is not good. You know the stories of data thefts at ChoicePoint, Bank of America, and Seisint – large amounts of personal data stolen, and not necessarily via an IT hack. It seems they are the tip of the iceberg.

In the survey Oltsik’s firm conducted, roughly one-quarter of the large firms polled (those with more than 1,000 employees) experienced a security breach in the last year. Can the news get worse? Well, of course, or I wouldn’t have asked you that question.

It is one thing to be the victim of data theft; it is quite another not to know whether you have been. And approximately 27% of those surveyed by ESG did not know whether they might have been breached. This is a much more dangerous situation. A firm that can admit to a security breach at least has specific security protocols in place, and metrics for determining their effectiveness. A firm that has no clue whether it has been breached is missing those policies and procedures, and/or any effective feedback mechanism.

You can read Jon’s full report in “Want to prevent ID theft? Get back to basics”, where he outlines more details from the ESG survey, as well as some simple suggestions to shore up data security.