Beyond Laptops: Why Mitigating Mobile Enterprise Risk Should Be a Priority
CRANBERRY TOWNSHIP, PA, July 7, 2010 - Unlike any year, in 2009, Tiversa continued to see sensitive data breaches rise to meteoric levels. As reported by the media, hundreds of breaches exposed millions of individuals. In the first half of 2010, more than 6 million individuals have been exposed due to breached data. Outside of human error, part of the cause is due to an archaic inside-out approach to data security. Defining business rules and categorizing information for inspection are both time-intensive and hard to manage. In a global, border-less society, it's well-established that the a perimeter-only strategy is a thing of the past and is typically where conventional rules for security, privacy and risk fail. It’s most certainly an area where information security needs to increase focus with cyberintelligence solutions, as we continue to see sensitive data being leaked through authorized channels and third-parties that comprise the Extended Enterprise.
Tiversa has found that 93% of Peer-to-Peer (P2P) file disclosures emanate from contractors, suppliers, attorneys, accountants, or employees working from home. As information continues to flow outside of an organization, we continue to see a large amount of sensitive data being spewed onto file-sharing networks. Whether it’s a medical billing company or hospital leaking patients’ Protected Health Information (PHI), a Fortune 500 organization disclosing sensitive payroll information, salary histories and SSNs, or an attorney inadvertently exposing patent strategy documentation for a global conglomerate or stealth start-up, P2P file disclosures happen. And they happen quite frequently.
In an ongoing study, Tiversa has now found that the Extended Enterprise continues to grow and has expanded into the mobile world of smartphones and other devices. Tiversa identified a large number of mobile devices actively participating in internet-based, file-sharing networks. This research illustrates the continued worldwide growth of these networks as mobile devices increasingly play a vital role in the critical operations of many organizations. “Lost laptops certainly get a lot of media attention, but the number of unreported breaches due to inadvertent data disclosure on file-sharing networks is astonishing. If consumers knew just how much of their sensitive information was being sought-after and harvested by cyber criminals on these networks, they would be absolutely floored”, says Scott Harrer, Brand Director at Tiversa. “It’s the equivalent of 500 million lost laptops. Obtaining an SSN is as easy as doing a search for Lady Gaga.”
Managing mobile enterprise risk already poses its own unique challenges, but it is now even more concerning to information security experts with the explosion of P2P and document sharing apps being developed for smartphones, such as the Android-powered DROID and Nexus One, Apple iPhone, RIM Blackberry, and the Palm-Pre. With file storage applications, such as the popular iPhone app AirSharing, users can share files from Windows, Mac OS X, and Linux systems right from their mobile device. (AirSharing is already available on the iPad).
Combining these facts with very “loose” approaches to mobile-device encryption is the perfect storm scenario for a major data breach. In a late 2009 survey conducted by Sophos (Security Threat Report 2010), 50% of respondents stated that their mobile device was not encrypted. 24% were unsure and 26% stated that there mobile device was encrypted. Also identified was the fact that touch screens and small displays on such mobile devices can benefit fraudsters by limiting the amount of information a user sees. This increases the rate at which users accept deceptive offers.
So as you evaluate your information security strategy for the remainder of 2010 and into the coming years, ask yourself this: How does your organization secure files outside of your perimeter, judge policy effectiveness and audit existing protocols in real-time? As mobile devices and smartphones continue to evolve, vulnerabilities will be found and exploited. Ensuring that your organization has a proactive monitoring solution in place to detect inadvertent data disclosures as they happen can dramatically mitigate risk and help in preventing them in the future.
About Tiversa
Tiversa provides P2P Intelligence and Security Services to corporations, global law enforcement, government agencies and individuals based on patented technologies that can monitor over 450 million users issuing 1.6 billion searches a day. Requiring no software or hardware, Tiversa detects, locates and identifies exposed files in real-time, while assisting in remediation and future prevention efforts.
For more information, please contact Tiversa at (724) 940-9030. |
|
General Info
Email Us
Press Contacts
Email Us
|
