Half of organisations don’t think their clients’ data is sensitive, research finds
More than half of organisations believe their own data is more valuable than that of their clients, despite a rise in third-party and insider breaches, new research by cybersecurity firm IS Decisions reveals.
When asked what they believed to be “sensitive”, 74% of organisations said corporate credit card data, 71% said personal information about employees, yet only 62% said client contact information and 52% said client data in general.
With third-party attacks and internal breaches on the rise, this mentality will worry those that operate with large and complex supply chains given the lack of control over data security once it lives on third-party systems.
Moreover, with many organisations using a mixture of on-premises and cloud storage systems, many are struggling to manage the security of data — either their clients’ or their own. Two in five organisations rely on the native security controls from storage vendors, and almost a third say that since moving to the cloud for storage, it’s been harder to detect unauthorised access.
These findings come from IS Decisions’ new Under a cloud of suspicion report, which draws on research conducted with 300 heads of security within SMBs based in the UK, US and France who are using Dropbox for Business, Google Drive, Box and Microsoft OneDrive. The report examines the current perceptions of cloud storage security among organisations and highlights a clear need for more effective security of company data living in the cloud.
François Amigorena, founder and CEO of IS Decisions said: “The mentality of ‘my data is more important than yours’ needs to change. Most organisations now share a huge amount of sensitive data with their clients over email and via the cloud — and with supply chain attacks on the rise, all it takes is one mishap from one supplier to compromise your data.
“Many organisations now consider the cybersecurity of their partners before choosing to work with them. Therefore, it’s vital that organisations can demonstrate that they can keep their clients’ data safe using technologies that monitor and alert on unauthorised access. It could be the difference between winning and losing clients.”