Firewalls are so common that all organizations implement and maintain firewalls, right?
If you think this is the case, think again!
The 2009 Data Breach Investigations Report issued by the Verizon Business Risk Team finds that 7-in-10 organizations experiencing data breaches are not deploying or maintaining firewalls.
More stunning findings from the investigations include: 9-in-10 organizations do not implement controls to protect cardholder data, 19-in-20 do not implement or maintain secure systems and applications, 6-in-7 organizations fail to regularly test technical and procedural information security controls, and the same number of firms either have no policies or do not maintain policies for information security.
What are the risks?
If your information security practices are like the firms from the Verizon study and you are with a small business, the risk of a data breach is 1-in-10 each year and the likely financial impact is 4 percent of revenue. For midsize organizations with similar practices, the risk of a data breach is 1-in-4 each year and the likely financial impact is 5 percent of revenue. Larger enterprises with similar practices for information security are most at risk, with a 1-in-1.4 chance of experiencing a data breach each year and a likely financial impact of 7 percent of revenue.
What can you do to improve your odds?
See the latest research report highlighting the practices making a difference for organizations with the best track-records for protecting sensitive customer information.
2009 Data Breach Investigations Report
Guidance for Best Practices in Information Security and IT Audit