- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
Companies are still selling on old hard drives without taking the slightest precaution to wipe business-sensitive data first, a study has found.
The BT-funded research, carried out by the University of Glamorgan in Wales, analyzed 317 hard drives purchased second-hand in the U.K., Australia, Germany and the U.S.
About 35% to 40% of these turned out to come from businesses, 23% of which contained enough information to identify the specific company that had owned them using only off-the-shelf analysis tools. A shocking 5% held sensitive business information.
A further 25% came from individuals, while the remainder could not be identified. Researchers found many hard drives full of porn, and even had to refer two hard drives to the police for suspected pedophile crimes.
The study is a follow-up to an almost identical one conducted on behalf of BT last year, and found that the treatment of hard disks had barely improved since then, said Dr Andy Jones, Head of Security Technology Research at BT.
“We’ve seen a huge increase in corporate governance. This is a measurable metric of how well companies are doing in implementing all this security,” said Jones.
The main problem was that “once an organization disposes of assets, it gives up ownership or responsibility,” he said. “How much are you going to invest cleaning something that is only worth £5-£10?”
The disks were bought from a random selection of auction sources. Of the countries surveyed, the U.K. did relatively well by the admittedly low standards of data security uncovered. A quarter of the 200 hundred drives that came from the country had been competently wiped.
Many others had simply had files deleted in Windows or had reversible processes such as disk formatting applied to them.
Overall, four out ten drives bought second-hand didn’t even work, suggesting that petty fraud afflicts the second-hand drive market as much as lax data security.
The full report is not available online, but will be published this October in the quarterly Journal of Digital Forensics, Security and Law, which has its own Web site.
Another issue identified by Jones was the quality of disk wiping tools available to the general public and company IT staff alike -- many of them did not work well, researchers found.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment