VERNON HILLS, Ill. – Many campus IT professionals report that their facilities have recently experienced breaches that jeopardized their E-mail, network or other sensitive data, according to the Data Loss Straw Poll, a national survey published this week by CDW LLC (CDW).

The study found that a quarter of the IT professionals surveyed say their institutions have lost data since 2010. However, hospitals and colleges/universities experienced a higher rate of data loss at 26% and 28% respectively.

Of the 654 IT professionals who responded to the poll, 151 were from healthcare organizations and 151 were from colleges and universities. Of all the respondents, which also included IT professionals from businesses and the financial sector, 32% believe data loss is the cybersecurity threat that poses the greatest business risk to their organization over the next year. Another 18% say malicious attacks are the greatest cybersecurity threat.

Healthcare and higher ed respondents, however, rated their concerns regarding cybersecurity threats somewhat differently. When asked which form of cybersecurity threat they believe poses the greatest business risk to their organization over the next year, college/university respondents indicated:

• Data loss (internal threats, negligence or accidental loss, bot data harvesting): 28% 
• Social engineering (e.g., phishing, spear phishing threats via social networks): 21% 
• Malicious attacks (targeted intrusions): 17% 
• Bots (anonymous, untargeted): 13% 
• Evolved forms of current threats (viruses, worms, or breaches): 10%                       
• Mobile threats (employee-owned and employer-owned devices accessing the organization’s network): 6% 
• Don’t know: 5% 

Healthcare respondents indicated:

• Data loss (internal threats, negligence or accidental loss, bot data harvesting): 36% 
• Evolved forms of current threats (viruses, worms, or breaches): 16%                       
• Malicious attacks (targeted intrusions): 14% 
• Mobile threats (employee-owned and employer-owned devices accessing the organization’s network): 14% 
• Social engineering (e.g., phishing, spear phishing threats via social networks): 11% 
• Bots (anonymous, untargeted): 5% 
• Don’t know: 4% 

Two thirds of healthcare (63%) and higher ed (67%) respondents say customer, student, employee or patient records/personally identifiable information is the most likely target of a cyber attack, while 20% of college/university and 14% of hospital survey takers believe credit card information is the most likely target. The other likely targets were rated as follows:

• Competitive/proprietary information: 10% healthcare, 3% higher ed
• The organization’s financial data: 6% healthcare, 5% higher ed
• The organization’s social network accounts: 3% healthcare, 3% higher ed
• Product design & specification data: 3% healthcare, 1% higher ed
• Marketing plans: 1% healthcare, 1% higher ed

The survey shows that the number of people accessing healthcare organization networks increased by 52% during the last two years (the percentage of increase for colleges and universities was 30%). When asked why their organizations were increasing the number of people accessing their networks, healthcare respondents indicated:

• Growth in the number of office locations: 61% 
• Mobile device deployment: 59% 
• EHR implementation: 47% 
• Connection to affiliated healthcare facilities: 47%     
• Extension of network to incorporate physician practices: 43% 

Healthcare and higher ed respondents indicated the following mobile devices were allowed access to their organizations’ networks:

• Employer-owned devices: 32% healthcare, 13% higher ed
• Employee-owned devices: 10% healthcare, 10% higher ed
• Employer-owned and employee-owned devices: 58% healthcare, 74% higher ed
• No mobile devices allowed access to the network: 0% healthcare, 3% higher ed

Inadequate security policies are contributing to network security challenges. Only 58% of IT professionals from colleges and universities say their data security policies are effective. Healthcare facility IT professionals are more confident in their data security policies: 71% say they are effective.

While most organizations allow employees to access their networks with personal mobile devices, security policies for employee-owned devices are often less strict than for employer-owned devices. One in three higher ed IT professionals said their institutions do not have security policies for employee-owned mobile devices. Healthcare organizations, however, are doing better: only 15% do not have policies in place for these devices.

Organizations that gave their data security an “A” grade layer nearly all available data loss prevention measures, including encrypted storage, backup and E-mail gateway; endpoint data loss prevention and security solutions; full-disk encryption; and Web security filters. Organizations with “A” security are also more likely than others to require employee-owned mobile devices to comply with defined security procedures before they are granted network access.

To access the report, visit CDW http://newsroom.cdw.com/news-releases/news-release-04-17-12.html.

Related Articles:

• Protecting VIP Privacy
• Cyber Threat Grows More Destructive
• 43% of IT Execs Reported Cloud Service Breaches Last Year
• How the HITECH Act May Affect Your Healthcare Facility

 

 

 

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content