S'pore firms lack security for social media use
SINGAPORE--Protecting confidential data from being leaked is a major challenge local enterprises are grappling with, but many have yet to implement any form of data loss prevention (DLP), according to a new survey by Symantec.
Released Wednesday, the study revealed that over two-thirds of respondents feel their enterprise networks are increasingly threatened by the use of social networking sites, blogs and podcasts. However, only 34 percent of businesses have deployed some form of protection to address these risks.
Conducted this year, the survey included CIOs, CISOs and IT decision makers from 100 enterprises in Singapore.
Unmesh Deshmukh, director of Symantec's endpoint security sales for the Asia-Pacific region, noted that there were several factors keeping organizations from implementing technologies.
"Traditional security is about putting in place a firewall…or an antivirus system; you're now looking at what is going out, how confidential the data is," he explained in an interview with ZDNet Asia.
Enterprises, he said, are "taking a little bit of time" to first assess what confidential information is. They then have to figure out where the data resides--in the corporate network or the devices--and following that, put in place policies to make sure the right people have access to it.
Lack of manpower and complex security situations are also slowing down the implementation of data protection, added Deshmukh.
However, companies do recognize that they need to put in place tools to address data leakage, particularly with the "consumerization of IT". Those that currently do not have DLP tools in place are "actively looking and talking" to vendors, he noted.
Use social networks, safely
According to the study, enterprises in Singapore are finding it difficult to cope with the surge of social networking tools--76 percent of respondents indicated they were unprepared in managing and governing the use of it. The increasing numbers of employees accessing corporate networks on personal devices also add to the complex situation.
The situation, however, is not peculiar to Singapore. Enterprises that Symantec polled in the Asia-Pacific region also view social networking tools a security threat, and are seeking new ways to protect their networks.
Deshmukh pointed out that rather than banning the use of social media, companies should look at ways to increase productivity using social networking tools, whilst ensuring their networks are protected.
"We [should not] block access, but instead put in place technologies and solutions, and in addition to that, create a culture where people understand what is expected of them as an employee," he said.
"Enterprises need to understand what and how endpoints and social media tools are being used in their organization, identify where and how their sensitive data is being stored and accessed, and establish standards and data security policies to manage, govern and enforce compliance across the corporation."
Pay attention to patching, configurations
The survey also found that all the local enterprises polled have experienced some form of data loss, while half of them incurred lost revenue, direct financial loss and damaged customer relationships as a result of the leakage of information.
In response, Deshmukh stressed the need for a holistic approach toward managing data protection, which includes patch and systems management, as well as the need to recognize sensitive content and prevent them from reaching the wrong hands.
For example, certain information stored in the data center, such as business development data, are deemed less confidential and therefore least protected. Yet, such data could be sought after by cybercriminals.
Enterprises also have to ensure networks are fully secured, as a poorly-configured firewall or antivirus software can allow a resourceful criminal to lay hands on confidential data.
"Poorly-managed systems such as those without with weak applications or databases not properly patched, can also be an entry point for attackers," he added.
At the end of the day, even simple actions, such as logging off one's account when leaving the work desk, can be an effective way of preventing data loss, he added.