IT risk management grows in importance as data breaches increase


IT risk management is becoming a major part of businesses today as data breaches continue to occur. After reviewing more than 300 data breaches and 2,000 penetration tests from 2011, IT security and compliance solutions provider Trustwave announced trends and best practices for organizations in 2012.

One of the study's findings indicated that data breaches and subsequent investigations are on the rise. The company conducted 42 percent more examinations of incidents in 2011 than 2010, the report said, and there are several reasons why this is happening.


Among them is the evolution of sophisticated attacks that are occurring more often.  Any organization can fall victim to a data breach if it doesn't have the proper IT risk management policies in place. However, retail stores were one of the most common targets, as their transaction management programs often contain sensitive financial information, the study noted.

Still, there are steps that companies can take to improve their IT risk management practices to better their chances of avoiding these malicious incidents.

1. Employee education

While security software can help keep out authorized users, the best way to avoid a data breach is to have knowledgeable employees who are aware of the risks associated with handling sensitive information. Security awareness should be the foundation of strong data loss prevention practices.

2. User identification

Businesses should be at a point where every operation is tagged to a specific person, Trustwave noted. One way to do this is to implement a data classification program. These technologies only allow certain individuals to access critical data, while enabling employees to label information as sensitive or public. As a result, knowledgeable workers will be able to use their best judgment when it comes to handling information.

3. Standardization of hardware and software

Fragmented technology can be a company's worst enemy when it comes to IT risk management, the report said. By consolidating systems, deconstructing legacy equipment and creating a more homogenous environment, businesses will have fewer variables to monitor, making it easier to protect data, Trustwave noted.

In the end, IT risk management comes down to how the company performs everyday activities. While many believe that innovative technologies are the key to risk and supply chain management, the successful company will be one that prepares through employee education and best practices.