Study Says Data Breaches On The Rise
from the if-it-hasn't-happened-to-you,-it-will dept
It’s hardly surprising to hear that a new study claims that data breaches are on the rise, with the number of incidents picking up steam in 2008. Sadly, news of “the biggest ever data leak” seems to have become a regular occurrence, and is seen just as part of the normal course of business these days. Part of the problem is that the penalties companies pay for the leaks don’t ever amount to much, what with toothless punishment from regulatory bodies and relatively small fines. Most companies just offer some free credit-report monitoring to those affected, maybe have a “special” sale, and move on. While other studies say the cost of breaches is rising, it’s still low enough that, apparently, it’s an acceptable cost of business, and makes the cost of better prevention unappealing. Still, this isn’t wholly a technical problem: human error remains an enormous threat, with “insider negligence” blamed in one study for 88 percent of data breaches.
Filed Under: data breaches
Comments on “Study Says Data Breaches On The Rise”
Corporate Indifference
“an acceptable cost of business”
It’s not acceptable to me, because ultimately the consumer is the one paying for their negligence.
They have no reason to care.
Definitely not acceptable to me...
…since I’m the CTO. Everything that has to do with IT is my responsibility.
Attitude is Everything
I write security software for a large retailer and everything here is built for as much security as is practically possible.
However, I can attest that the biggest threat to data security is not a not-so-thoroughly parsed parameter or a port in a firewall that is left open; it is, as stated, insider negligence. Plain corruption may account for some problems, but the bulk of the issues are crappy passwords (ironically, my experience is that the more access a user has due to seniority and position, the worse the password choice), leaving computers unattended, not wiping discarded hard drives, and not shredding papers that contain sensitive data.
Imprisonment and confiscation for Cxx-level officers
The fix for this is precisely the same as that for other abuses which are either perpetuated or tolerated by Cxx-level officers of other companies (e.g., financial fraud): imprisonment and confiscation of all personal assets. I’m sure we could release any number of casualties of the well-known failure called “The War on Drugs” in order to make room for them, and their own assets should be spent on paying for their confinement. Perhaps the prospect of sharing a cellblock with the executives of Citibank and TJ Maxx — as well as some hardened criminals, let’s make sure they’re mixed in — would cause these selfish, arrogant, worthless jerks to think about the consequences of their own greed before indulging it.
The total cost to an organization that has a data breach is vastly underreported. The big problem is that most companies don’t realize this until it has happened to them.