Companies working in the internet security business have been conducting annual research for several years on data protection in organisations. Their reports show that fro 2008 to 2011 the situation has changed significantly. Theft and leaks of secret information have massively increased.
At the same time hackers are attacking corporate web sites more often, successfully stealing company secrets. There are specific reasons for this.
1. Data is saved on devices difficult to make secure.
With the development of mobile technologies and wireless communication systems employees of large companies are becoming more interested in accessing their work information using mobile devices (telephones, smartphones, tablet computers, laptops). It is extremely difficult to protect such devices from even simple theft, even though they often contain important corporate information.
2. Workplace remote access systems.
These are becoming more popular, and they are much simpler to break into than internal closed corporate networks.
3. Use of cloud services for storing information.
Corporate cloud systems often lack the necessary security and there is a high risk of losing information stored there. In addition such systems are often located outside the reach of company specialists (hosting in other countries), which makes it harder to organise the appropriate security measures.
4. High demand for corporate data.
The significantly increased demand and high cost of such services encourages hackers to attack company networks. Hackers can easily sell stolen marketing statistical data or development codes for new software at a high price.
5. Incorrect response to discovered vulnerabilities.
In many cases companies do not even realise that information has been stolen. Moreover, only half of companies who discover information leaks try to restore and improve their security system. Only 30% turn to network security consultants and experts.
Experts recommend, as a precautionary measure, that companies strictly control the staff members who have access to secret information.
It is necessary that mobile devices are carefully controlled with, at the very least, password protection.
Information on internal computer systems (and also the stored information) should not be given to people who have no relation to the company’s security services.