
Gartner says that rash of ID theft cases indicates need for increased focus on security policies in Australia

Data protection is much less costly than responding to data breaches

Sydney, July 17, 2006 — The recent spate of identity theft cases in New South Wales (NSW) highlights the need for Australian enterprises to invest in and implement stringent security measures – not just in infrastructure, but also in employment practices, according to research and advisory firm Gartner.

Speaking at the company’s IT Security Summit in Sydney today, Avivah Litan, vice president and distinguished analyst at Gartner, said that banks and other consumer-facing organisations must move beyond simple passwords for online consumer authentication. “These are no longer sufficient for online financial applications. Organisations must evaluate a variety of methods to determine which provides adequate authentication and best suits customer and service offerings.”

A NSW-based identity theft syndicate currently under investigation allegedly used ‘corrupt officers of financial institutions’ to access customer information and internal bank systems. Commenting on this at the Gartner IT Security Summit, Ms Litan said that as part of an overall security policy, companies should engage in sound practices for employee screening, as well as data access management, to prevent employees from selling sensitive customer data to identity thieves.

Ms Litan suggested implementing multi-channel detection systems to fight crimes such as the recent NSW case. She suggested looking across industries, institutions, accounts and channels to establish and detect fraudulent behaviour patterns. “Looking only at transaction activity in one account accessed through one channel at one institution typically does not provide enough information to detect many kinds of fraudulent transactions,” Ms Litan said.

While security managers are attempting to implement more stringent security measures around sensitive information, the price tag for such protection can cause ‘price tag shock’ for many organisations. Security managers are facing budget challenges to protect customer and business-sensitive information. Gartner analysts pointed out that data protection is much less costly than responding to data breaches.

"A company with at least 100,000 accounts to protect can spend, in the first year, as little as AUD$8 per customer account for just data encryption, or as much as AUD$20 per customer account for data encryption, host-based intrusion prevention and strong security audits combined," Ms Litan said. "This compares with an expenditure of at least AUD$120 per customer account when data is compromised or exposed during a breach."

According to Gartner, there are several data protection options for consideration. Encrypting stored data can provide the most robust data protection, but if that is unfeasible due to cost and complexity, organisations should deploy comprehensive host-based intrusion prevention systems (HIPS). However, successful deployment of HIPS requires strong server configuration control and additional administrative cost and complexity. Another option is strong security audits to validate the organisation’s deployment of satisfactory mitigating controls, reducing the need for data encryption or HIPS. "None of these options are mutually exclusive, but implementing all three will still be less expensive than having to respond to a large-scale data breach," Ms Litan said.

Other IT Security Summit highlights:

  1. As part of the opening keynote, analysts Rich Mogull and John Girard demonstrated how easy it is to reset passwords, break into wireless laptops and knock smartphones off the air, and discussed methods to prevent damage.
  2. Mobile and wireless security – Robin Simpson examined how the explosion in demand for better wireless capabilities is affecting the user and the IT professional. This presentation focused on business-to-employee and business-to-consumer applications of technologies, the development and delivery of new technologies and emerging trends in the wireless industry.
  3. Spend Less, be More Secure. Information security budgets are still growing. Gartner believes the time has come for a new approach to managing information security technology and spending, turning the trend on its head. Australian analyst John Roberts explored specific ways to reduce the information security budget while increasing overall security.

For more information about IT Security Summit, please visit www.gartner.com/ap/itsecurity



Contact:


Laurence Goasduff
Gartner
+ 44 1784 267 195
laurence.goasduff@gartner.com


About Gartner:
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 4,000 associates, including 1,200 research analysts and consultants in 80 countries. For more information, visit www.gartner.com.