Almost two thirds of companies say they have deployed new information security technology over the last year, but many are simply failing on the basics when it comes to protecting their data, according to research.
Companies are still regularly failing to secure file folders on networks despite that being the biggest vulnerability point leading to unauthorized disclosure of confidential information.
Recent research investigating the main threats at organizations have found that 38 percent of companies had experienced one or more information security breaches within the past year.And nearly one-third (31 percent) of respondents felt their organization does an “inadequate job” of protecting confidential and sensitive information. In addition, 36 percent noted that either their organization does not have a formally documented policy about how company information is stored, managed and shared – or that they didn’t know if such a policy existed.
Despite this many companies are taking proactive steps to address information security breach issues, with 59 percent of respondents stating their organization had implemented new information security solutions, systems and/or protocols within the past year.
The prevalence of information security breaches can be seen as a direct result of having an ineffective information management strategy. It’s clear that businesses need better information management solutions to deliver the document control and security features required to protect confidential information, while still making it quick and easy for users to find the information they need.
While unsecured network file folders are where most respondents felt their company is most vulnerable to internal information security breaches, paper files (46 percent) and data exposed by personal file sharing apps (44 percent) were also noted as weak points.
When asked about proactive steps their organization has taken to mitigate potential information security breaches, 62 percent said their company has created and communicated formal information governance policies to their employees, and 59 percent have changed security and access rights to sensitive information.
Businesses of all sizes must take information security seriously, looking at the whole organization – people, processes, governance and technology – in order to better address their security and access control requirements.
But throwing more security tools at the problem and hoping for a different result is not getting us anywhere. If the continued rise in the number of breaches is an indicator, we need a different approach. An approach that balances the current appetite for security tools with a strategic plan. A strategic plan that empowers IT and Security teams, the C-Suite and Boards of Directors to make better decisions and gain confidence in their security posture. The time for expert ISO 27001 implementation is now!
Contact us today for a complimentary consultation.