Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Data losses are still a regular occurrence, and IT managers often have no idea about the scale of the breach, or whether it is accidental or intentional.
Lord Errol, one of the panellists, believes that this issue is compounded by recent job cuts across all businesses, which can add to what he calls the " fraud triangle" of pressure, opportunity and rationality.
He added that the punishments for data losses, both to individuals and organisations, are simply not strong enough, and that the current structure provides no real incentive for the effective prevention of data loss.
Lord Errol admitted that he was not sure of the best form of punishment, be it imprisonment, community service or higher fines, but stressed that the current low conviction rates and small fines are not much of a deterrent for cyber criminals or businesses.
Julia Harris, head of information security at BBC Future Media & Technology, agreed with Lord Errol's comments, adding that even the best policies will often be broken when an employee is under pressure to deliver. She added that it is imperative to make sure that best practices and policies are robust, effective and easy to follow, otherwise they will simply be ignored.
"Don't trust internal networks any more than the internet," Harris said. "In these days of huge global networks, remote working and increased interactivity, it is imperative to move controls closer to the data."
She concluded that IT security is often perceived as a necessary evil, and that the current economic crisis means that budgets are under increasing pressure. So it is important to get the backing of senior management to make sure that data security is not neglected or discarded.
Dan Blum, senior vice president and principal analyst at Burton Group, pushed for the development of more uniform cyber security laws, the implementation of proper privacy checks and balances, and more co-ordinated enforcement and response.
"We need to take a more tactical approach to protecting our data," he said. "For instance, encryption is great but trying to encrypt every bit of data in the entire business is like trying to boil the ocean, or at least a very large lake."
Incidents over the past 12 months have shown that human error has a major part to play when it comes to sensitive information being lost.
It is often the most junior member of staff who is given the "boring" job of back up, but this should no longer be the case given the strategic importance of sensitive data to the majority of businesses.
The panellists' comments were echoed by Alastair Molyneux, business development manager at data protection firm Kroll Ontrack.
"Companies often find it impossible to quantify the value of data within the organisation, and as such they need proper procedures for safeguarding information that are both robust and reliable. While cutbacks may have to be made, this should never result in exposure to unnecessary risk," he said.
"Ultimately, data protection policies should be uniform across an entire business, independent of the individual who is given the responsibility. This is the only way to ensure the best possible defence."
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.