BreachExchange mailing list archives

Tech pros in healthcare, retail and finance admit they are failing on data compliance


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 20 Aug 2014 19:54:05 -0600

http://www.csoonline.com/article/2466785/security-leadership/tech-pros-in-healthcare-retail-and-finance-admit-they-are-failing-on-data.html

Most technology pros charged with maintaining compliance at tightly
regulated healthcare, retail and financial organisations admit they are
failing.

Dell questioned 200 compliance technology professionals and found the
worrying trend in the governance, risk and compliance (GRC) area.

The survey found that 83 percent of respondents believed their
organisation's security would be improved if the security and compliance
teams worked more closely and shared more information.

Fewer than 50 percent said employees adding new data sources to the
environment for compliance and security take the time to inform the
security and compliance teams about the new data.

And 59 percent of respondents cited limited manpower and 49 percent
mentioned growth in the amount of data as the number one and two causes
for concern in meeting GRC objectives.

Organisations are also concerned about their ability to prevent
unauthorised access and changes to sensitive data, setting them up for a
potential data breach.

The survey found that 93 percent of respondents are concerned about their
ability to prevent unauthorised changes, and 61 percent are concerned about
both external and internal unauthorised access.

In addition, organisations are not confident they are capturing all
compliance data needed to maintain regulatory standards, and a large
percentage have no consistent process for managing the volume of data
required for regulatory control.

Fewer than 50 percent of respondents proactively review or remove data
sources that are no longer required, putting a large portion of
organisations at a much higher risk of security threats. And only 11
percent of respondents are very confident that their organisation is
capturing all the data necessary to detect, investigate and determine the
root cause of an incident or data breach.

Fewer than 50 percent of respondents have a "consistent process" in place
for adding regulatory data sources.

Tim Sedlack, senior product manager for GRC solutions at Dell, said: "Too
often we are seeing security and compliance failures that don't have to
happen.

"Regulated industries like healthcare, retail and financial services have a
tough road when it comes to meeting their governance, risk and compliance
objectives, and our survey results show they are worried about it."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/