The following is a summary from an article by Dunbar, Thomas.
Every company is reliant on technology, and data is often a critical asset. Managers and IT personnel must monitor reports via their computers and mobile devices 24/7, but even that seems to be an ineffective way to keep up. According to the Financial Times, companies generate 2.5 exabytes of data. This much data means that 90% of the data stored today has been created in the past two years.
With this unprecedented growth, new threats emerge. These risks have historically been the domain of the IT department, but while cyber risks are by definition rooted in technology, they are not actually technological risks; they are business risks. Business risks are best addressed through a holistic risk management process that includes quantification, assessment, mitigation and systematic risk identification.
Data Breach Facts in 2011
* 97% of breaches were avoidable through simple or intermediate controls
* 96% of attacks were not highly difficult
* 96% of victims subject to the Payment Card Industry Data Security Standard (PCI DSS) had not achieved compliance
* 94% of all data compromised involved servers
* 92% of incidents were discovered by a third party
* 85% of breaches took weeks or more to discover
* 79% of victims were targets of opportunity
The article also suggests 3 steps for risk professionals to better protect their company's most important asset: data.
Step 1: Assemble a Cyber-Risk Team
Step 2: Identify and Assess the Risks
Step 3: Develop an Incident Response Plan