Social Media Release: Data Leakage Worldwide Part 2 -- Cisco Research Assesses Effectiveness of Security Policies
November 3, 2008, 5:00 a.m. PDT
Part 2: Highlights / Key Facts: November 3, 2008
- Cisco releases second set of behavioral research findings on data leakage that features perceptions and behavior of 2,000 employees and IT professionals in 10 countries: the United States, United Kingdom, France, Germany, Italy, Japan, China, India, Australia, and Brazil.
- Key Findings: The Effectiveness of Corporate Security Policies
- One in four companies do not have data protection or security policies.
- Policy awareness gap between employees and IT: Between 20-30 percent more IT respondents are aware of security policies than employees.
- Communication disconnect: IT oftentimes communicates policies in an indirect, non-verbal manner, such as email, voicemail, paperwork, etc. Lack of direct, verbal engagement a big reason for gap in IT-employee security policy awareness.
- Top reason why employees defy corporate security policy: Lack of alignment between policies and reality of doing their jobs.
- One of five IT professionals said data leakage incidents involved the loss of customer data.
- Cisco Chief Security Officer John N. Stewart and other executives from the company describe research findings, provide recommendations for establishing and communicating security policies to employees and explain how to protect businesses if policies are broken. http://tools.cisco.com/cmn/jsp/index.jsp?id=80358
Part 1: Highlights / Key Facts: October 21, 2008
- Cisco releases behavioral research revealing the most common data leakage risks and mistakes employees make in businesses of all sizes, in various industries around the world. (www.cisco.com/go/dlp)
- The research features perceptions and behavior of 2,000 employees and IT professionals in 10 countries: the United States, the United Kingdom, France, Germany, Italy, Japan, China, India, Australia, and Brazil.
- Key Findings: Many employees admit a number of risky behaviors, such as:
- Altering security settings to bypass corporate security policies and access unauthorized sites
- Accessing unauthorized areas of networks and facilities
- Sharing sensitive corporate data with non-employees
- Sharing corporate devices with non-employees
- Losing portable storage devices
- Allowing others to "tailgate" behind them into corporate facilities
- Leaving devices with passwords to personal financial accounts and corporate systems unattended and unlocked
- Cisco Chief Security Officer John N. Stewart and other executives from the company provide insight into their experiences and approaches to preventing data loss as guidance for businesses and their IT organizations: http://tools.cisco.com/cmn/jsp/index.jsp?id=79228
Tags / Keywords:
Security, Cisco security, network security, data loss, data leakage, data loss prevention, data protection, IT security, employee behavior, IT perceptions, security policy, IT policy, corporate policy, policy
Links / URLs:
- Research results:
- White paper Part 1:
- White paper Part 2:
- Cisco Platform blog: Do You Know Where Your Data Is?
- Cisco Platform blog: Picture Window
- DigItAll Consumer: Data Leakage Concerns for Consumers:
- DigItAll Consumer: How to Avoid Vulnerabilities Online:
- DigItAll Consumer: Threats to Consumers on the Internet:
- YouTube Channel:
- John N. Stewart, Chief Security Officer, Cisco
"Businesses are enabling employees to become increasingly collaborative and mobile. Without modern-day security technologies, policies, awareness and education, information is more vulnerable. Today, data is in transit, in use, within programs, stored on devices, and in places beyond the traditional business environment, such as at home, on the road, in cafes, on airplanes and trains. This trend is here to stay. To protect your data effectively, we need to start understanding the risk characteristics of business and then base technology, policy, and awareness and education plans on those factors."
- Internet TV Broadcast on Study Results
- John N. Stewart: Cisco CSO's Security Strategy
- Christopher Burgess: Data Leakage & the Threat Landscape
- Nasrin Rezai: Cisco's Approach to Preventing Data Leakage
Traditional Press Release:
RSS Feed for Cisco: http://newsroom.cisco.com/dlls/rss.html