304 Data Loss Incidents in 2014 according to Data Loss

Prevention Source

When a physician at Columbia University used a personally-owned computer

on a shared network to store patient records, the records were stolen.

His employer Columbia and New York-Presbyterian Hospital recently paid a

$4.8 million settlement for the breach. “What you’re seeing is the

impact of legislation we passed over a decade ago continuing to bite,”

says attorney Gerard Franzione. Given the pace of technological change,

he says you can expect more data breaches and fines.

According to the Open Security Foundation, so far in 2014 there have

been 304 data loss events publicly disclosed, like the one at Columbia

University. That’s more incidents in 5 months than all the incidents in

the entire year of 2005. Given the enormous increase in these incidents,

what data loss prevention steps are companies taking? Technology

analyst firm Redwood Advisors says companies need to take a holistic

look at their technology usage and implement DLP best practices.

“There’s a generation of data loss prevention software deployed a

decade ago that has never been extended to how people work today,” says

analyst Stephanie Newman. What’s needed, he says, is an alignment with

the tools employees are using today including cloud services. “Most

companies have no visibility into what data employees are putting into

cloud services, and the security controls applied to that data. They

need to start with what’s happening before they can secure it.”

Recent reports show that the average company uses 759 cloud services,

and that the number of cloud services they use grows 20% quarter over

quarter. At that rate, their cloud usage approximately doubles every

year. Meanwhile, IT estimates that there are around 50 cloud services in

use by employees, meaning the actual number is more than 10x what the

CIO expects to find. Gartner sees a new category of data loss prevention

tools focused on the cloud and sees this as a potential investment.