Companies have been told that they need to focus on protecting key business information as much as they do customer data, according to the findings of a new survey.
The Value of Corporate Secrets study, carried out on behalf of RSA and Microsoft, surveyed 305 IT security decision makers and found that, although many protect against data theft, few resources are devoted to protecting secret trade and company information.
The report by Forrester Consulting found that whist 90% of companies comply with data laws, breach regulations and security policies but then weight them against “custodial data”, when they should be protecting internal company secrets.
“Companies are spending money to protect customer, medical and payment card information, as they should, but more emphasis needs to be placed on protecting the intellectual property and data that has intrinsic value to an organisation, ” said Sam Curry, chief technology officer for marketing at RSA.
“The loss of intellectual property can cause long-term competitive harm to an organisation. The recent and highly sophisticated attacks targeting intellectual property at large multinational companies are examples of this type of loss.”
The survey also found that the majority of companies tend to focus primarily on protecting against accidental loss, neglecting potential internal threats, such as employees, contractors and “trusted outsiders”. It was claimed that internal data breaches can be up to ten times costlier than accidental loss.
“Insider risk is a real and growing threat, and the modern enterprise environment of collaboration with a variety of outside parties creates more opportunities for leakage and theft,” said John Chirapurath, senior director of the Identity and Security Business group at Microsoft.
“This data illustrates that the more a company has to lose in terms of information value, the more criminal activity it will face.”