Increasing use of IT infrastructure by Indian enterprises has led to growing security risks such as loss of critical data, a study by the intelligence marketing firm IDC (India) Ltd. has revealed.
"About 80 per cent of Indian enterprises have agreed that loss or theft of critical data is a serious information security risk they face after threats from viruses and hackers," the survey, commissioned by security solutions provider Symantec India, said in its latest report.
Though enterprises have been sanguine on investing heavily in building their IT infrastructure for end-to-end efficient operations, adoption of technologies to prevent or detect data loss has been abysmally low due to lack of awareness or seriousness over the implications of the risk.
"The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made enterprises realise that data loss can turn into a disaster in terms of competition, compliance and credibility," Symantec India managing director Vishal Dhupar told IANS here.
The survey, conducted in August involving heads of IT infrastructure in verticals spanning banking and finance, manufacturing, media and entertainment, telecom, and IT and IT-enabled services, showed only 15 per cent of Indian enterprises had any form of data loss prevention measures in place.
The awareness on the impact and consequence of data loss or how prevention technologies could safeguard them was only 32 per cent among the 142 enterprises that responded to the survey.
"In fact, 16 per cent of the enterprises admitted to have lost data in the recent past for various reasons, including unaware users, malicious insiders and external threats from hackers and cyber-criminals," Dhupar said sharing the findings of the survey.
Keeping in view the criticality of data, large enterprises in verticals like banking, finance and insurance (BFSI) and IT/ITeS have been early adopters of data loss prevention technologies, as about 50 per cent of the data is sensitive to their operations.
"But medium and small enterprises in diverse verticals have been lagging in adopting prevention measures due to difficulty in data classification, budgetary constraints and lack of priority or importance of protection," Dhupar averred.
The survey also revealed how a majority of enterprises considered firewalls, log analysers, intrusion prevention and detection solutions as adequate to protect their data from being lost or stolen.
Among enterprises adopting data loss prevention technologies, over 80 per cent of them opted for patch or silo based implementation, while 45 per cent of non-users felt no need for such technology under the assumption that security solutions were enough to protect their data.
"High-risk sectors like BFSI have implemented technologies to prevent data loss, while 30 percent of enterprises in IT/ITeS, 18 per cent in telecom and 12 per cent in manufacturing have invested in protecting their sensitive data," Dhupar noted.
Even as data loss from desktops or personal computers remains a serious threat, increasing usage of laptops and smart phones by their mobile workforce poses a greater risk to enterprises.
According to a Gartner Consumer survey, sale of laptops is projected to grow by 37 per cent in 2009 to 3.69 million units, constituting one-third of the total PC (personal computer) market, which is set to grow only by 13.7 per cent to 1.1 million units.
"The increasing trend of mobile workforce poses a greater challenge to enterprises in protecting data stored in laptops or smart phones if they are lost, misplaced or stolen. Even unsuspecting employees can steal a company's data stored in laptops for gain or ulterior motive, resulting in loss of confidential, sensitive or proprietary information," Dhupar pointed out.
A study by the US-based Ponemon Institute, about 60 per cent of employees who are either sacked or resign steal company data to leverage a new job.
About 60 per cent of employees who recently changed jobs reported taking confidential data from their previous employer. This included customer lists, employee records, non-financial information. The top three ways data is lost are through CDs,DVDs and USB drives.
