Mumbai: Symantec Corp announced the findings of its study on the mounting risk of data loss in Indian enterprises on Nov 4. The study conducted by IDC (India) revealed that 79 percent of organizations highlighted data loss to be their most serious information security concern. This is followed by other threats like virus, and denial of service attacks and spam.

“The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made businesses realize that data loss can turn into a catastrophe and become a competition, compliance and credibility black hole,” said Vishal Dhupar, MD, Symantec India. “It is imperative that as part of their overall security strategy, enterprises protect their information proactively and know where confidential information resides with them, how this information is being used and how its loss can be prevented,” he further mentioned.

Despite the looming threat of data loss, only 15 percent of the surveyed organizations have adopted any form of data loss prevention (DLP) measures. It was reported that this was largely a result of low awareness (32 percent) amongst enterprises on the impact and consequence of data loss, and how DLP technologies could safeguard reputation and revenue of organizations. According to the respondents, more than 50 percent of information residing within their organization is classified as sensitive. As the value and significance of information increases within organizations, instances of data loss are also on the rise. The study finds that more than 16 percent of organizations in India admitted to facing a data loss issue in the recent past. The major causes for these data losses were traced to unaware users, malicious insiders and increasing external threats from hackers and cyber criminals.

As high instances of data loss hit Indian enterprises, 52 percent respondents revealed that compliance and regulatory mandates was a major driver to prevent loss of data. Pressure from international clients was the driving force behind 24 percent organizations, while business continuity was another important factor of consideration for many respondents.

The survey also revealed that majority of users considered firewalls, log analyzers, intrusion prevention and intrusion detection solutions as adequate and appropriate DLP measures. Amongst users of DLP technologies, 84 percent had opted for 'patch' or 'silo' based implementation. In the non-users, 45 percent felt 'no real need' for DLP since they felt that their existing security solutions were enough to keep their information safe. In addition, close to 30 percent of all respondents faced data classification challenges while differentiating between sensitive and non-sensitive information within their organization.

Of the respondents, large enterprises showed the highest awareness of DLP (84 percent), while the awareness and adoption was very low in medium and small enterprises. High-risk industries like banking finance and insurance showed the maximum implementation of DLP with over one-third of the Indian organizations implementing DLP belonging to this sector. The other sectors investing in DLP include IT/ITeS (30 percent), telecom (18 percent), manufacturing (12 percent) and others (six percent).

The findings of the study elucidated how DLP is today being addressed at the highest levels with the CIOs, CTOs or a technical committee having the final say on the deployment in approximately 76 percent of organizations.

Page(s)   1