SAN JOSE, CA--(Marketwire - November 12, 2008) - Cisco (
NASDAQ:
CSCO) today issued the third
and final set of findings from its global security study on data leakage,
shedding light on the employee "insider threat" to corporate information.
The latest security findings compare the information technology
profession's biggest concerns around employee risk with the reality of
employees' behavior, which regardless of whether it's inadvertent or
malicious, can impact company brands and cost businesses a fortune.
Conducted by InsightExpress, a U.S. market research firm, the security
study was commissioned by Cisco to assess the implications of data leakage
as businesses become more collaborative, mobile and distributed. The latest
findings
(
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns895/white_paper_c11-506224.html) round out previously published research on employee
data leakage mistakes and corporate security policies. All three sets of
security findings (
www.cisco.com/go/dlp) are drawn from surveys of more
than 2,000 employees and IT professionals in 10 countries: the United
States, the United Kingdom, France, Germany, Italy, Japan, China, India,
Australia and Brazil.
"The blending of work vs. home and public vs. private means that data can
be accessed, transmitted, stored and stolen from anywhere at any time,"
said John N. Stewart, chief security officer of Cisco. "As a result, the
approach to data protection must change. From the largest corporate
enterprise to the youngest consumer, we all share the responsibility to
maintain awareness and discipline in protecting information. As we've said
all along, this research presents an opportunity to evolve security toward
a necessary combination of education, policy and technology."
Such change begins with IT, Stewart added, particularly with the perception
of employees' behavioral impact on data loss. One of the study's most
noteworthy findings is IT's widespread belief that employees are becoming
more cognizant of security risks and are more diligent in protecting data.
For example, four of every five IT professionals in China and one of every
two in France believe their employees have become more committed to
protecting corporate information over the past few years.
But the research suggests a different story, casting light on one of its
most sobering findings: While the majority of security threats exist
outside an organization, the study shows that the "insider threat," whether
it's accidental or malicious, can be as prevalent as any external source.
Understanding the Insider Threat
-- Internal v. external threats: The majority of IT professionals
believed their employees posed a more serious threat to data security than
outsiders. About two in five (39 percent) perceive negligence among
employees as the main reason, and one in five pointed to disgruntled
workers as data security risks.
-- Portable hard drives: One in three IT respondents said portable hard
drive devices are their top concern for how data is leaked - more than
email (25 percent), lost or stolen devices (19 percent), and verbal
communication with non-employees (8 percent).
-- Lost or stolen devices: About one in 10 employees lost or had a
corporate device stolen in the year leading up to the study, creating a
data loss incident for themselves and their companies.
-- Stealing and selling information and devices: One in 10 employees (11
percent) admitted stealing data or corporate devices, selling them for a
profit, or knowing fellow employees who did. This finding was most
prevalent in France, where one in five (21 percent) employees admitted
knowledge of this behavior.
-- Keeping devices after leaving a company: Some employees admitted
keeping their corporate devices and information after leaving their jobs,
and their reasons varied from personal to vindictive: "I needed the device
for personal use"; "I wanted to get back at my company"; and "The company
won't find out."
"We speak about intellectual property as the most important data set to
protect, whereas the highest cost and impact is when an organization loses
customer data," Stewart said. "If you think about it, it's the most
important data to protect in an organization because it isn't yours. You
are just a guardian and customers rely on your diligence to protect their
information.
"Employee data, which almost all organizations have somewhere, is an
additionally important data class as we want those who work for and with us
to rest assured that their personal information is secure and safe,"
Stewart added. "And of course, intellectual property data is clearly valued
and many times proprietary. In all cases though, data loss can undermine a
company's brand, ruin competitive advantage, impact shareholder value,
erode customer trust, and jeopardize vital partnerships."
Stewart noted that companies can take a number of recommended steps to
minimize risk and contain the costs associated with data loss.
-- Identify the data that needs to be protected
-- Make no assumptions that employees know what data to protect
-- Integrate corporate entities into the same security culture
-- Provide the same security education on behavior, policy and safety
everywhere
-- Keep in touch with employees and their jobs
Today, security executives from Cisco present the study's final set of
findings in greater detail during the company's inaugural Cisco IT Security
Virtual Conference. To attend the security conference, go to:
http://events.unisfair.com/index.jsp?eid=331&seid=29&code=168073_3
About Cisco
Cisco (
NASDAQ:
CSCO) is the worldwide leader in networking that transforms
how people connect, communicate and collaborate. Information about Cisco
can be found at
http://www.cisco.com. For ongoing news, please go to
http://newsroom.cisco.com.
Cisco, the Cisco logo and Cisco Systems are registered trademarks or
trademarks of Cisco Systems, Inc. and/or its affiliates in the United
States and certain other countries. All other trademarks mentioned in this
document are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any
other company. This document is Cisco Public Information.
For direct RSS Feeds of all Cisco news, please visit "News@Cisco" at the
following link:
http://newsroom.cisco.com/dlls/rss.html
Contact Information: Media Relations:
Neil Wu Becker
Cisco Systems, Inc.
408 525-7415
nebecker@cisco.com
Industry Analyst Relations:
Todd Hanson
Cisco Systems, Inc.
408 853-8255
todhanso@cisco.com
Investor Relations:
Marilyn Mora
Cisco Systems, Inc.
408 527-7452
marilmor@cisco.com