Network Endpoint Security News - Watch Your End

A new survey released by the IT Compliance Policy Group has pointed to a direct link between an organization’s success at IT and corporate compliance and the number of security breaches they suffer.

According to the research, which looked at 2,000 different companies, those with 10 or more audit deficiencies will have at least 12 data security breaches in the year. Companies with two or fewer compliance deficiencies annually are likely to have two or fewer data losses or thefts in the same time period, according to the report

News emerged yesterday of two separate data losses that will once more leave UK Goverment agencies red-faced. In Northern Ireland, the Driver & Vehicle Agency (DVA) admitted that it had lost 6,000 driver records on two discs being sent to the agency’s headquarters in Swansea. The DVA confessed that the data had not been encrypted and included details of 7,685 vehicles and more than 6,000 vehicle keepers.

The data includes the keeper’s name, address, registration mark of the vehicle, chassis number, make and colour.

In a separate incident Finance Secretary John Swinney will today tell MSPs how a package containing details of 200 people went missing temporarily. The package containing pension benefit statements was lost after being sent from the Scottish Public Pensions Agency to NHS Greater Glasgow on October 26.

Following the data loss debacle at Her Majesty’s Revenue and Customs in the UK, the government has admitted that it will consider revising the 1998 Data Protection Act in an effort to ensure such a large-scale security breach does not happen again.

The Ministry of Justice has now confirmed that the review - to be carried out by information commissioner Richard Thomas and Mark Walport, director of medical research charity the Wellcome Trust - will consider whether there should be changes to the way the Data Protection Act works.

The incident has also prompted calls for a review of proposed information sharing legislation, which would enable government agencies to share more data about UK citizens.

The UK’s Information Commissioner, Richard Thomas, has described the lack of security measures put in place by banks, government departments and other bodies as “frankly horrifying”. He has called on those at the top to be accoutable for the IT secruity measures across their wider organizations.

In the past 12 months, the Information Commissioner’s Office (ICO) has dealt with more than 24,000 complaints and prosecuted 16 individuals and organizations. According to the ICO’s annual report, more than a third of complaints concern a likely data breach.

Organizations currently under investigation by the ICO include top high-street banks, retail giants and telecoms providers.

New research shows that data theft and regulatory compliance have overtaken virus and access control as IT security managers’ top concerns.

But while 38 percent of respondents cited data theft as their top management concern, it seems that board-level buy-in is still difficult to secure. Forty-three percent of respondents (compared with 33 percent in 2006) said they were more concerned with internal threats, such as staff passing on confidential information or stealing intellectual property.

Undertaken by market researcher, Vanson Bourne, the second annual poll of 100 UK information technology (IT) security chiefs found that viruses, the prime concern of 55 percent of respondents a year ago, were cited by just 27 percent in 2007.