Proofpoint: Email Security Blog

Email Encryption

March 09, 2010

Email Security Trends: Results from Proofpoint Survey at RSA 2010 - Spear Phishing, Email Encryption, Email Annoyances Exposed

As you might already know, Proofpoint exhibited last week at the RSA Conference 2010 in San Francisco. As part of our exhibit, we conducted an electronic survey about email trends that more than 120 booth visitors kindly took the time to fill out.

Today we announced the results of that survey (see "Proofpoint Reports Findings of Email Security Trends Survey Conducted at RSA Conference 2010" for the full release).

Among the findings:

48% of respondents said their organizations had been the target of a "spear phishing" attack. That is, they were targeted by a phishing email designed specifically to compromise their own email users.

59% of respondents said that their organizations have deployed an email encryption solution. An additional 19% intend to deploy such a solution in the future (most in the next 12 months).

43% of respondents said that effectiveness and accuracy is the most important factor when selecting an email security solution, while 20% said that "ease of administration" was the most important factor. 16% cited cost, 11% cited available deployment method (e.g., SaaS vs. appliance) and 6% cited vendor brand/reputation as the most important decision factor when selecting an email security solution.

Survey respondents were also asked about their top email annoyances. It's probably no surprise that spam and phishing emails that get through the organization's spam filter were the top two annoyances (39% and 27%, respectively). But certain types of legitimate email were most annoying for some of our survey respondents:

  • 15% find legitimate email newsletters/marketing emails that are sent too frequently their top email annoyance.
  • 10% find legitimate emails from coworkers or business contacts "that I just don't have time to answer" as most annoying. (Personally, I would fall into this camp!)
  • 7% find social media notifications and other types of legitimate, but non-essential, emails as most annoying.

You can read our complete press release on the survey here.

RSA 2010 was a great show for us with a lot of customers and more than 1000 interested attendees who dropped by the booth. Thanks to everyone who took the time to stop by our booth! As promised, I do have a few video interviews coming soon to the blog. Stay tuned...


 

March 02, 2010

Introducing Proofpoint 6.1: Multi-protocol Data Loss Prevention, Encryption Enhancements Featured

Today, in an announcement issued from our booth at RSA (#1132), Proofpoint introduced the latest update to our SaaS email security and data loss prevention platform, Proofpoint 6.1.

New features in Proofpoint 6.1 include support for multi-protocol (HTTP, HTTPS) data loss prevention, a new data loss prevention dashboard, encryption enhancements including an Outlook plug-in for the Proofpoint Encryption solution and a variety of other security and performance enhancements.

You can check out the full press release, which has a lot more detail, here:

Press Release:

Proofpoint Updates its Next-Generation Email Security and Privacy Platform
with Powerful Data Loss Prevention and Encryption Enhancements,
Available for SaaS or Appliance Deployment

March 01, 2010

Visit Proofpoint at RSA Conference 2010, Booth 1132

RSA Conference 2010 exhibits open tonight and we're looking forward to seeing any of you who are attending! Find Proofpoint at booth #1132. When you stop by, please take a moment to take our quick email security survey and we'll give you one of our classic "Defend Email" t-shirts.

Also, we're giving away a $500 Apple gift card to one lucky visitor, so make sure you drop by and get your badge scanned. See you there!

February 26, 2010

Upcoming Webinar: PCI-DSS and Email Security - Securing Cardholder Data and Your Email Systems

Our live web seminar series continues on March 24th, 2010 with an important topic that we haven't covered in a while, compliance with PCI (Payment Card Industry) data security standards. If your company handles credit cards and cardholder data, you should be aware of these requirements.

We'll discuss the critical role that email security plays in PCI-DSS compliance. You'll also hear real-world examples of how Proofpoint customers use integrated email encryption and data loss prevention technologies to tackle a wide variety of compliance challenges, securely transmit sensitive data via email and improve the levels of service and convenience they deliver to their customers.

Find more details and register by visiting the link below: 

Register for Proofpoint's PCI-DSS and Email Security Webinar

February 08, 2010

HIPAA Compliance and Email Encryption: Crystal Run Healthcare's use of Proofpoint

The publishers of the always-informative online publication Bank Info Security are now tackling the healthcare industry with a new site called Healthcare Info Security. This site should be a great resource for HIPAA and HITECH compliance information and other technology issues that face the healthcare industry.

In one of the first articles posted to the site, Proofpoint customer Crystal Run Healthcare discusses how they solved their secure email issues and protect private health information (PHI) in email.

In "Secure E-mail Cures Headaches," IT director Miguel Hernandez discusses how email encryption is used to secure communication between doctors and patients, share private information with business partners including accountants and lawyers and help with ensuring HIPAA compliance.

"Considering the cost of secure email, as opposed to the cost of litigation over a HIPAA violation," says Hernandez, "It's certainly worth it."

The article is a good view into the real world issues that all types of healthcare organizations are facing vis-a-vis securing email. Several other Proofpoint resources related to email encryption, HIPAA compliance and the healthcare industry include the following whitepapers:

Whitepaper: HIPAA and Beyond: An Update on Healthcare Security Regulations for Email

Whitepaper: Protecting Enterprise Data with Proofpoint Encryption

January 25, 2010

Ponemon Institute Reports Latest Statistics on Cost of Data Breaches: Costs Rose to $204 per Compromised Record in 2009

BankInfoSecurity has a good summary of findings from the Ponemon Institute's fifth-annual study on the cost of a data breach. See "Data Breach Report: Malicious Attacks Doubled in 2009, Average Cost of a Breach is Now $204 Per Record."

The Ponemon Institute study, which is sponsored by PGP, is an interesting companion to Proofpoint's own annual study on data loss prevention issues (visit this link to download a copy of Proofpoint's latest report on Outbound Email and Data Loss Prevention in Today's Enterprise). Among the top findings from this year's study by Ponemon, which is based on a survey of 45 US enterprises that experienced data breaches during 2009:

  • The average organizational cost of a data breach increased by about 2%, from $6.65 million (2008) to $6.75 million (2009). On a per-compromised record basis, the average cost rose from $202 to $204 per compromised record. Ponemon says that the most expensive data breach event included in their latest study cost the organization almost $31 million to resolve.
  • More US companies are using technology to prevent and remediate data breaches. Among the related findings: 58% of surveyed organizations expanded their use of encryption technology, 42% increased use of data loss prevention solutions.
  • Data breaches caused by malicious attacks and botnets doubled from 2008 to 2009, and those breaches were 40% more costly than breaches involving negligent insiders or system glitches.

There's a lot of other interesting data in the Ponemon report, the full version of which can be downloaded from http://www.encryptionreports.com (note that Proofpoint is not affiliated with that site or the Ponemon Institute).

January 22, 2010

Free RSA Security Expo Passes, Courtesy of Proofpoint: Use Code EC10PRF

Hard to believe that the RSA Conference 2010 is just a little more than a month away! If you'll be attending RSA Conference 2010 at Moscone Center in San Francisco, please be sure to visit the exhibits and visit Proofpoint at booth #1132.

If you'd like to attend the RSA Conference expo (exhibits), you can get a free exhibits-only pass (which RSA calls an "Expo Pass") courtesy of Proofpoint by using code EC10PRF when you register. We'll be demonstrating our latest email security solutions including our new email encryption solution, Proofpoint Encryption.

To register for your free exhibit pass, please visit the following URL:

https://cm.rsaconference.com/US10/portal/regCode.ww

We hope to see you there! By the way, Proofpoint maintains a list of upcoming live events on the Proofpoint Events Calendar page.

January 15, 2010

Email Encryption: Tips for Small and Medium Sized Enterprises

Proofpoint email encryption expert Ken Liao is quoted in a new article at Processor magazine on encryption deployment and management tips for small and medium-sized enterprises.

The article, Encryption Blueprint: Implementation and Management Tips for SMEs, isn't solely about email encryption, but looks at some of the issues involved in encrypting data at rest and data in motion.

Email encryption isn't just for large enterprises anymore, of course, since data protection regulations can apply to organizations of any size. And enterprises of all sizes are very concerned about protecting confidential and private data. Traditionally, email encryption has been difficult to deploy and sometimes difficult to use. The latest generation of email encryption solutions has come a long way in addressing those issues.

Proofpoint Encryption, for example, can be deployed entirely as a SaaS solution, eliminating all of the issues involved with implementing hardware and software on-premises. And, even when deployed on-premises, Proofpoint Encryption makes use of our Proofpoint Key Service to provide secure, highly-available and fully redundant key storage facilities.

You can learn more about Proofpoint Encryption by reading our technology whitepaper:

Email encryption whitepaper: Protecting Enterprise Data with Proofpoint Encryption

In the video below, Ken explains how Proofpoint Encryption and the hosted key service work together to make email encryption easy:


 

January 13, 2010

UK's Data Protection Act Gets Teeth: UK Information Commissioner's Office Gets Authority to Levy £500,000 Penalties for Personal Data Security Breaches

Dan Raywood at SC Magazine (UK) reports today that the UK's Information Commissioner's Office has been given the authority to levy fines for serious violations of the UK's Data Protection Act. As noted in the article:

As revealed by SC Magazine last year, there are plans to increase the punishing powers of the ICO and an announcement revealed that it will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act.

The ICO has produced statutory guidance about how it proposes to use this new power, which has been approved by the Secretary of State for Justice, and was laid before Parliament yesterday.

Information Commissioner Christopher Graham said: “Getting data protection right has never been more important than it is today. As citizens, we are increasingly asked to complete transactions online, with the state, banks and other organisations using huge databases to store our personal details.”

You can read full coverage over at SC Magazine UK here:

Half a million pound penalty introduced for personal data security breaches by the Information Commissioner's Office

This new authority is part of a general trend these days for stepped up enforcement of data protection regulations worldwide (as just one example, see the enhancements enacted in the US to improve enforcement of HIPAA's healthcare privacy provisions).

I expect this legislation will increase interest in data loss prevention and encryption solutions among large enterprises in the UK. At Proofpoint, we've been responding to these trends by introducing solutions such as Proofpoint Encryption and by bundling that email encryption technology with our Proofpoint ENTERPRISE Privacy solution, making it more affordable for large organizations to protect sensitive content in email across the entire organization.

December 09, 2009

Making Email Encryption Effortless: Proofpoint Customers Domino's and Merit Resources on Encrypting Email

As sort of a companion piece to his "Effortless Email Encryption" comparison of six popular email encryption solutions (see my previous blog post), writer David Strom has a case study piece over at Baseline that collects actual customer feedback and advice on deploying encryption technology for email. You can read the full article here:

http://www.baselinemag.com/c/a/Security/Make-Email-Encryption-Effortless-752104/

Proofpoint users Domino's (who use Proofpoint for detecting confidential information in conjunction with encryption technology from Voltage) and Merit Resources (who use the new Proofpoint Encryption module in their Proofpoint deployment) are quoted in the piece.

Jeff Caracci, vice president of IT and facilities management at Merit Resources is quoted on Proofpoint Encryption's ease-of-use:

“A recipient gets an e-mail with an embedded Web link that they click on to read the message,” he explains. “There are no key management headaches, and if someone forgets their password to decrypt the message, they can automatically change it on their next login attempt, as long as they remember their password reset question.”

Merit uses the module that automatically encrypts messages containing sensitive information, such as Social Security numbers or employee data. “Because we are essentially a remote human resources office for our clients, we send and receive a lot of confidential information via e-mail, and that always needs to be protected,” Caracci says.
