VMGroup team performed a study to determine if companies and indivivduals are taking IT Security seriously.
On embarking the study, VMGroup purchased hard drives on the second hand marked in ireland to determine if Ireland was taking IT Security seriously. VMGroup did not expect any significant results of the study believing that the recent changes in GDPR would have had everyone worried about their data security.
The results were not as expected. 15 years to the day from the first ever disk study carried out, there was very little change.
Summary of the results is as follows:
– 0% of the drives were encrypted
: Encryption software is freely available
– 79% of the drives data was deleted or formatted but was still recoverable
: wiping tools readily available would have removed the data properly
– 14% of the drives contained information for an organisation to be identified
– 17% of the drives contained information for an individual to be identified
– 22% of the drives contained copyright material
– 15% of the drives contained illicit material
– 14% of the drives contained financial material
Data from Data from a global financial auditing firm, personal
medical records revealing test results from medical practitioner,and Local authority personnel were amongst the data that was recovered.
This illustrated to VMGroup that:
1. Security is still not taken seriously in organisations, even organisations that should know better – and
2. GDPR made no impact in the current position of the IT Security in Ireland.
Possibly quite a daring statement, but the results have depicted the same IT Security posture as that of 15 years ago.
Dr Vivienne Mee
Full article coverage from the Sunday Business post and can be downloaded here DiskStudySBP