Connections +
News

Study finds nearly 40% of large organizations don’t monitor databases for suspicious activity

Database security vendor Application Security Inc. today announced the results of a survey that it says underscore ...


June 4, 2007  


Print this page

Database security vendor Application Security Inc. today announced the results of a survey that it says underscore the serious challenges organizations face in securing sensitive data.

With more than 150 million data records exposed in the past two years, the survey also highlights an organizational disconnect between the realization of the threat and the urgency in addressing it.

Conducted by the Ponemon Institute, a firm that specializes in data security and privacy, the survey involved 649 respondents in corporate information technology (IT) departments worldwide.

Respondents averaged more than seven years of experience in the information security field.

The two firms noted that in an increasingly precarious balancing act, organizations are wrestling with how to protect data from misuse by external and internal forces while expanding access to the same data to drive business initiatives.

Highlighting these challenges, the survey reveals that:

* An estimated 40% said their organizations do not monitor their databases for suspicious activity, or don’t know if such monitoring occurs. Notably, more than half of these organizations have 500 or more databases — and the number of databases is growing.

* Trusted” insiders’ ability to compromise critical data was cited as the most serious concern with 57% perceiving inadequate protection against malicious insiders and 55% for “data loss” by internal entities.

* The majority of respondents (78%) believe that databases are either critical or important to their business. Customer data represents the most common data type contained within these databases.

Data can be monetized quickly and the bad guys know it,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Organizations that fail to protect their data effectively are proving easy targets – often left to contend with considerable damage to their reputations and financial results.”

The survey results were released at the Gartner IT Security Summit in Washington, D.C.