Data Security Policies Are Improving, but Risks Keep Rising | eWeek

Data Security Policies Are Improving, but Risks Keep Rising

lumension and it security
Écrit par
Nathan Eddy
Nathan Eddy
Jan 29, 2015
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

IT security departments are responding to data security risks with better policies, improved technology approaches and financial commitment, according to a worldwide study of more than 700 IT professionals by endpoint security specialist Lumension Security.

The majority (51 percent) of organizations surveyed now maintain multiple data protection policies, up 16 percent from when the question was first asked in 2012.

In 2014, 27 percent said they consider their data security policies exhaustive while 18 percent said their policies are minimal, a decrease of 30 percent since 2012.

“There are three areas that organizations with limited budgets need to address when it comes to data protection—culture, policy and technical controls,” Chris Merritt, director of solution marketing at Lumension, told eWEEK. “Everyone, from the CEO to the junior clerk, needs to think security in their daily actions.”

However, organizations report a continued need to defend against different types of attacks, including malware (57 percent), software vulnerability exploitation (23 percent) and denial-of-service attacks (19 percent).

Survey results also indicated businesses struggle with related IT risks. On top of the list this year is accidental data loss by employees, cited by 40 percent of respondents. This represents a 10 percentage point increase from last year’s level.

To combat these risks, organizations are also implementing security training. Of those that are doing so, 46 percent said they offer security training on a formal and ongoing basis and 28 percent do so on an informal, ad hoc basis. Both of these figures have increased from last year. However, 9 percent said they offer no security training.

“I think we will continue to see an ever-evolving, more sophisticated onslaught of malware attacking through various means such as phishing, bad apps, drive-bys and so on,” Merritt said. “We will see continued growth in two areas in particular: malware designed to attack Macs—Apple OS X systems—and designed to attack mobile phones, both iOS and Android.”

Just 8 percent maintain an “open access” policy while a fifth allow access with employee education and 16 percent limit access to higher-level staff. Additionally, one-fourth permit “controlled access” while more than one-fourth restrict access.

Those that assign less than 2 percent of their IT budgets to security fell 26 percent from last year and those that dedicate as much as 10 percent grew by 34 percent.

“The area that I think we’ll see the biggest noise in 2015 is destructive malware—be it ransomware meant to hold data hostage or truly evil malware designed to erase all digital information within an organization, such as was seen at Sony recently,” Merritt said. “This trend is particularly worrisome because it does more than steal data. It can lead to severe business disruptions or even going out of business, as it has done in a couple of cases recently.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.