Varonis welcomes PwC economic crime report, but cautions on data awareness issues
London 2nd December Varonis Systems Inc. the leading provider of comprehensive data governance software has welcomed the publication of PricewaterhouseCooper’s global economic crime survey 2011, but cautions that – in order to report economic fraud to the relevant authorities – companies must be aware that a fraud has taken place.
According to David Gibson, Varonis’ director of technical services, as the results of a survey at the IP Expo event in London in October – which found that 57 per cent of those contacted said that unstructured data is their biggest security headache (http://bit.ly/vmZPqf) – clearly show, tracking the flow of unstructured data is a very difficult exercise.
“And it’s for this reason that, whilst we welcome this report from PricewaterhouseCooper – which gives companies a clearer view of the economic and cybercrime threats against their assets – we remain concerned that many large companies have grave difficulties knowing what is happening to their digital assets at all times, and thus making informed decisions about their protection and management.” he said.
“I think it is interesting that the report notes more UK respondents (33 per cent) as seeing cybersecurity as the responsibility of their CEO and board, even though our observations suggest that those same CEOs and board members place a high degree of reliance on the information that flows from their IT security department,” he added.
And, Gibson went on to say, the IT security manager and his team in turn rely on the data flowing from their security applications to assess the potential for data theft and allied frauds.
The problem here, he explained, is that, whilst conventional IT security systems can monitor – complete with the required audit logs – the structured data on the company’s IT systems, these systems rarely fully extend to unstructured data, which is typically stored on file shares, NAS devices, and email.
The Varonis director of technical services went on to say that the PwC report also reveals senior executives within corporates do not seem to be regularly reviewing their cybercrime risks.
This is clearly illustrated, he says, by the fact that only 20 per cent of respondents said their CEO and the board review these risks on an ad hoc basis.
The really big question that remains unanswered here, he adds, is how on earth can the CEO and board review their security risks when the information flow from the their security staff does not paint the whole picture on what is happening to the company’s data?
“Even though the PwC UK report notes that three quarters of respondents who experienced an economic crime in the last 12 months reported the incident to a law enforcement agency – and almost a third also reported it to regulators – our conclusions are that, if the company itself is not applying best practice principles to all of its data, then it cannot be aware of the full picture,” he said.
“This is especially concerning against the backdrop of the report noting that the number of incidents of fraud are on the rise (figure 12 in the UK analysis), as it means the problem of data security in large organisations will only get worse,” he added.
“So whilst we welcome this UK analysis from PwC, we cannot help feeling that it leaves a large number of questions about company data unanswered. Without a complete picture of their data – and what is happening to it – even the best CEO cannot make informed strategy decisions.”
For more on the UK PwC report: http://www.pwc.com/en_GX/gx/economic-crime-survey/assets/GECS_GLOBAL_REPORT.pdf
About Varonis Systems
Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 4,000 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel.
Varonis, the Varonis logo, DatAdvantage and DataPrivilege are registered trademarks of Varonis Systems in the United States and/or other countries and Data Classification Framework and Metadata Framework are under a registration process in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.
