75 per cent of companies can't track data theft

Companies still do not have systems in place to track and trace data theft, according to a new survey.

The study of 100 IT directors in companies with more than 1,000 employees found that 75 per cent of respondents did not have any means of tracking data loss following a breach in company defences.

Of the one in four that do have systems in place, 60 per cent reported that it took several days to identify security breaches involving data theft and just 20 per cent reported they were able to perform the appropriate forensics within one working day.

"Despite the potential liabilities and risk to their companies, it is startling that IT directors in the UK are largely unable to perform simple forensics to determine data theft," said Ross Brewer, managing director of European operations for LogLogic, the company that commissioned the survey.

He said it was equally disturbing that relatively few companies even have the ability to "properly monitor employee movements and the data linked to those employees, while acknowledging the awareness of the risks of reputational damage, theft of intellectual property and potential fraud."

The research, carried out by Vanson Bourne, found that of those companies that do not have a system to track data theft, 80 per cent report that they are "concerned", and cite a lack of budget as the key reason for the failure to address the security issue.

Monitoring or tracking employees was also a concern with 40 per cent of those surveyed reporting that they are not immediately aware when an employee leaves or is terminated from their organisation. The report also found that over half of those surveyed admitted that they do not know how employees' data is handled before or after they leave.

Analysts that that while organisations construct elaborate defences to protect them from external threats, such as firewalls and encrypted passwords, most ignore the threat from within.

"Corporate data, some of which may be confidential, can be transferred via a wide range of methods (e.g. memory sticks, CD, DVD, e-mail, and IM) allowing this data to be removed from the employers corporate data repository and used for nefarious purposes, such as blackmail or selling trade secrets," said Roy Illsley, senior research analyst at Butler Group.

"It's vital that organisations recognise how simple it is for infringements to take place and take appropriate preventative action," he said.

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.