Without the resources of a large business, many smaller companies ignore these challenges at their own peril.
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity…”
As one of the most famous works in the history of fictional literature, this segment from the opening paragraph of Charles Dickens’ “A Tale of Two Cities” seems to capture the essence of our time: one of extremes.
For today’s small to mid-size businesses, the topic of data security is a study in extremes. While representing great opportunity—a largely untapped source of innovation, knowledge, and competitive advantage—it also represents potentially significant vulnerabilities with cyber crime, privacy issues, and, ultimately, the preservation of trust.
While events such as Russia’s cyber attacks on Georgia during its invasion in 2008, China’s alleged attack on Google, and the more recent Stuxnet worm directed at Iran’s nuclear program are front page news, given their national security implications, it is the day-to-day vulnerability and integrity of company data that most leaders of small to mid-size businesses are concerned about.
Consider: Data grows exponentially, and according to market research and analysis firm IDC, the world’s digital output is doubling every 1½ years. In 2010, experts expected the world to create and replicate a record 1.2 zettabytes of data—in essence, a stack of DVDs reaching to the moon and back. By 2020, IDC expects this number to grow to 35 zettabytes—enough to go halfway to Mars.
A 2005 study by the Small Business Technology Institute revealed that many small to mid-size business leaders do not really understand the true economic impact of information security or the threats they need to manage against, and tend to be more reactive than proactive in protecting their data. Approximately 70 percent of small to mid-size businesses consider information security a high priority, and more than 80 percent exhibit confidence in their existing protective measures. And still:
Approximately 56 percent have experienced one or more security incidents in the past 12 months.
74 percent of small businesses do not have an information security plan.
Almost one-fifth of them do not use virus scanning.
More than 60 percent do not protect their wireless networks.
Additionally, according to Javelin Strategy and Research, fraud losses experienced by less-than-large businesses exceeded $8 billion in 2010. Large enough to have data (or client data) worthy of attention, yet small enough that information security is not seen as a priority, those companies thus become attractive targets. To add insult to injury, while in many instances the consumer is protected from loss against cyber crime, most small to mid-size companies are not. In 2010, this amounted to cash losses of more than $2.5 billion.
Successful data breaches are not just an IT, productivity, or intellectual property concern; executives could find themselves being sued for not taking appropriate measures to protect company and/or employee information. Besides the obvious financial aspect, the longer-term, potentially more damaging impact could be to the company’s brand and the level of trust between its customers and employees.
Given the proliferation of mobile devices, the increasing trend toward desktop mobility, and profligate use of social media for both personal and professional use, the benefits afforded by easy access to company data must be constantly balanced by its protection—in order to ensure that “easy access” does not literally equate to “data breach.”
Where firewalls, anti-virus software, IDS/IPS, and proxies helped protect a company’s information in the past, they are becoming less of a challenge to today’s evolving cyber threat.
How do we mitigate our risk?
First, by understanding that the threat to our data is constantly evolving and maturing; accordingly, our security approach for maintaining the integrity of our data must evolve and mature. Second, by taking a multi-layered approach that addresses areas such as user awareness (company policy, education, and training), technology (active and passive monitoring), and protection against cyber liability (emerging cyber insurance policies, for example).
We are an information and data-centric society, and our ability to transform information and data into innovative new products and services offers us both the best of times and the worst of times if we cannot protect it—in fact, our ability to compete depends on it.
Although written in 1859, Dickens’ words still ring true today.
Perry Puccetti is president and CEO of the Triple-I Corp. in Overland Park, Kan.