As attacks on data rise, corporate teamwork fails

As the TJX Companies data leakage incident seeped its way further toward becoming the Exxon Valdez of corporate information spills this week, researchers reinforced the notion that businesses continue to make a mess of electronic data security because they fail to foster adequate internal communication.

A new report from Ponemon Institute -- which has produced a series of studies into corporate data leakage over the last several years -- concluded that the various people in charge of collecting, protecting, and managing sensitive information inside large businesses typically don't collaborate sufficiently. Those constituencies also have widely differing views regarding their respective roles in safeguarding the content, the report contends.

Echoing comments made by a number of security policy experts in recent months, the study highlights the fact that companies are likely failing to protect data based on broken business processes -- at least as much as they may be succumbing to complex technological challenges.

Just as many software developers complain that their applications are left vulnerable to attack because business teams refuse to wait long enough for the programs' underlying code to be made secure, the results of Ponemon's survey of 3,600 IT security and marketing executives -- located in the United States, the United Kingdom, and Germany -- illustrate a distinct lack of organizational coordination in the name of protecting data.

For instance, only 30 percent of the marketing workers interviewed for the study said they actually consult security teams before collecting and using sensitive information, while 80 percent of the IT security employees surveyed indicated a belief that they are typically involved in such decision-making.

In addition, while only 53 percent of IT security workers surveyed said their companies have well-coordinated data protection policies, only 32 percent of those workers who handle the information said their employers are doing an adequate job. Some 45 percent of security workers don't feel that their data-handling rules get in the way of business objectives, while only 21 percent of the people using the content feel that such policies represent roadblocks to their productivity.

And in yet another blow to the perceptions of security workers, only 21 percent of the marketers using sensitive information interviewed by Ponemon said that security teams play a leading role in defending the content.

At the heart of the matter is the issue of poor collaboration between all the involved parties, according to the research firm. Only 29 percent of those interviewed said their companies' current policies would be adequate to handle a major breach within 24 hours of its occurrence.

Based on the results, Ponemon contends that organizations with substandard data protection collaboration policies were twice as likely as to have had a data breach within the last two years.

Therein lays the ultimate proof of collaboration's impact on data protection, said executives with Microsoft, which sponsored the research report.