Survey Reveals Inability to Track and Trace Data Access Among UK retailers
45 per cent of medium to large retailers handling credit card transactions are unable to monitor data access
London, UK – April 2, 2008 – Figures out today indicate that almost half (45 per cent) of medium to large retailers in the UK who handle credit card transactions are unable to track and trace who has been accessing data within the company network according to a survey carried out by research experts Vanson Bourne on behalf of LogLogic, the leader in log management integration.
Restrictions on budget (24 per cent), time (14 per cent) and other priorities (41 per cent) were cited as the reasons why concerned IT directors didn't have systems in place to track and trace data access.
Of the 55 per cent who are able to track and trace data access, only a quarter are able to identify and analyse potential security breaches within one hour. 31 per cent didn't know how long it would take to track and trace, while for 14 per cent of those questioned, it can take more than 8 hours, the equivalent of a working day.
Despite the launch in 2004 of the PCI Standard which is designed to protect card holder data, only 14 per cent of those questioned said that they had reached PCI compliance. Only 25 per cent of respondents said that senior management within their company viewed PCI as a valuable mandate with obvious benefits to the company and its customers.
In contrast, given the choice, 65 per cent of the IT directors surveyed said that, as a consumer, they would personally feel more re-assured purchasing from a retailer who was PCI compliant.
Compounding the situation further are the findings from an additional consumer survey from TNS - again commissioned by LogLogic - which found that 42 per cent of adults in the UK have taken data out of the workplace to work on at home - almost half of this (45 per cent) being classed as confidential. While only 14 per cent of those questioned said that they accessed data which was not directly related to their job, over one third of these said that they would change their behaviour if they knew that their IT movements were being monitored.
Commenting on the findings, Henning Ogberg, vice president, LogLogic EMEA, said: "These research findings are concerning. They come at a time where instances of identify theft and data loss are increasingly commandeering column inches across the media. As such, retailers need to reassure consumers that their personal and financial data is entirely safe and secure. It only takes a matter of seconds for a security breach to occur. But with so many companies unable to track or trace for data loss or theft, by the time any potential security risk has occurred, the damage will have been done, long before the company, and the consumer are even aware of a problem in the first place."
He continued: "Businesses should view log monitoring as the surveillance camera for their data and identity management as the locks on the door. It is critical that they protect and stand guard against threats and theft, just like they would their own homes."
Richard Edwards, Information Management Practice Director at Butler Group added: "We're not especially surprised by the findings of this survey. Indeed, the demands of exploding data growth and regulatory compliance, combined with regulations such as Sarbanes Oxley (SOX), Payment Card Industry Data Security Standards (PCI DSS), BASEL II, etc, are fueling the need for organisations to implement processes that ensure information — especially financial information — is managed in a transparent, consistent, and professional manner. In large organisations this task can consume a large amount of resources, and in smaller organisations it is often neglected altogether, and so Butler Group believes that an automated, managed solution is the only recourse for company wellbeing."
About LogLogic
LogLogic® provides the world's leading enterprise-class platform for collecting, storing, reporting and alerting on 100 percent of IT log data from virtually any device, operating system or application. The LogLogic family of MX and LX-ST appliances address the compliance, operations and risk mitigation needs of mid-market companies, as well as the most demanding global enterprises. LogLogic's innovations include creating the world's first search engine for fast-moving IT log data, and Compliance Suites that automate using that data to enforce critical controls and regulations. LogLogic has established a position as the market visionary and leader, with awards that include Info Security "Product Excellence Awards" 2008, SC Magazine 'Approved for SC Labs Rating' in 2006 and 2007, IT Week's 'Editor's Choice Award', AlwaysOn Top 100 Private Company 2006, Best of Interop 2005, SC Magazine's 'Best Computer Forensics', Info Security's 'Hot Company 2006', and designation to the Red Herring 100 in 2006. For more information, visit www.loglogic.com and http://blog.loglogic.com.
LogLogic disclaims any interest in the trademarks of others.
Technorati : Compliance, Log Management, Log Management & Intelligence
Posted April 2, 2008 6:00AMContact me
Have someone contact you within 24-hours.
Weekly Webcast
Join our experts every Tuesday.
3-Minute Tour
View a LogLogic introductory tour