Orthus Research Identifies I.T. Departments As Biggest Source Of Sensitive Data Leakage.

Feb. 2, 2011 - PRLog -- The research analysed the ways in which typical users accessed, processed, stored and transmitted corporate sensitive information including intellectual property, personal and financial information. It identified which users were removing sensitive data, where they worked and exactly how and when it was removed. The results were surprising.

The findings showed that information technology (IT) personnel were responsible for an overwhelming 30% of all incidents of data leakage identified during the course of the 5 year research. The findings strongly supported the premise that trusted users are the most likely to be the source of information leaks.
The analysis identified exactly who and how sensitive information assets are removed from the corporate infrastructure providing time and date stamped visual evidence of these “data leaks”.

The analysis identified that the following departments were responsible for the amount of data leakage identified:

•   Information Technology Department – responsible for 30% of the incidents identified
•   Customer Service Department – responsible for 22% of the incidents identified
•   Other – (Non-Traditional Departments, third party and contractors) - responsible for 16% of the incidents identified
•   Sales Department – responsible for 12% of the incidents identified
•   Operations Department – responsible for 10% of the incidents identified
•   Marketing Department - responsible for 6% of the incidents identified
•   Human Resources Department – responsible for 2% of the incidents identified
•   Legal Department – responsible for 2% of the incidents identified

Richard Hollis, Managing Director of Orthus said “The research proves the rule: that the higher level of access privileges – the greater the propensity for abuse. Companies need to address the insider as the primary threat to their business. Until this is done no real security can be achieved”. (http://www.orthusintel.com)

The research was accomplished through the deployment of software agents on endpoints, servers and terminal servers. The software visually recorded evidence of data being removed through unauthorised actions. The research for instance identified if and when sensitive information was sent or copied to an unauthorised device (such as a PDA, MP3 player, USB flash drive or mobile phone) or if it was uploaded or transferred through an unauthorised application (IM or social networking sites).

Each audit was customised to include keywords and phrases specific to the individual companies, as well as a list of files folders and shares containing particularly sensitive information.

For more information or a copy of the survey contact cathy.jacobs@orthus.com

# # #

Orthus is a leading provider of Information Security, Business Continuity, and Data Compliance services, with over 100,000 supported systems globally. Orthus provides a range of simple packaged solutions to identify, minimise and manage security, compliance and business continuity gaps before incidents escalate.
These services are delivered by Orthus resilient infrastructure and supported by expert consultants backed up by unsurpassed service level guarantees and full cost coverage for data breaches, compliance failures and downtime. This ensures incidents are caught before they become major problems and customers can continue with Business as Usual, Guaranteed at a low predicable cost. For more information, please visit http://www.orthusintel.com