The findings are pretty shocking. The average small company — defined here as having fewer than 3,000 employees — reports 11 to 20 data-loss incidentsevery day, Intel says.
Among midsize companies — those with 3,000 to 5,000 staff — the median is 21 to 30 incidents per day. And among large organizations — those with more than 5,000 employees — the median is a scary 31 to 50 incidents per day.
By industry, the main targets are retail and financial services, Intel says. These two verticals experience nearly 20 percent more suspicious activity than others including government, healthcare and manufacturing. The chart below, courtesy of Intel Security, shows the comparison, both by industry and company size.
Unfortunately, most organizations apply only the most basic, simplest forms of data-loss protection for structured data. The problem is, more and more of the data being stolen isn’t structured, but unstructured.
Yet theft techniques haven’t changed much, Intel finds. It’s mostly due to hackers, malware and social attacks. And 40 percent of incidents are physical, involving the theft of things like laptops and USB drives. Yet only one-third of organizations have data-loss controls in place for physical media, meaning two-thirds are leaving themselves highly vulnerable.
There is some good news: More than 85 percent of organizations give employees security training. And they reinforce that training with pop-ups and other notification methods, Intel finds.
Steps to Prevention
What can you do to help your clients prevent their data from being stolen? Take these 6 steps recommended by Intel Security:
> Help clients create data loss prevention policies and procedures.
> Identify clients’ sensitive data within the organization, and create custom classifications if needed.
> If your client uses cloud-based services, identify sensitive data there, too.
> Work with clients to actually implement these policies and procedures. The goal: detect unexpected movements or access of sensitive data that might be thefts.
> Offer security-awareness training to your client’s employees. And implement “justification screens” to coach your client’s employees on appropriate actions for transferring data.
> Urge clients to validate and fine-tune all procedures and policies at regularly scheduled intervals. If a policy is either too lax or too restrictive, they should adjust it.
In related news, Intel last week announced an agreement with TPG, a private investment firm, to establish a new, jointly-owned company called McAfee. As part of the deal, TPG is making a $1.1 billion equity investment. Ultimately, TPG will own 51 percent of McAfee, and Intel will own 49 percent.
Intel had acquired McAfee back in 2011 and rebranded the company Intel Security. Now Intel says the TPG deal is expected to close in the second quarter of 2017.