Study Says Data Breaches On The Rise

from the if-it-hasn't-happened-to-you,-it-will dept

It's hardly surprising to hear that a new study claims that data breaches are on the rise, with the number of incidents picking up steam in 2008. Sadly, news of "the biggest ever data leak" seems to have become a regular occurrence, and is seen just as part of the normal course of business these days. Part of the problem is that the penalties companies pay for the leaks don't ever amount to much, what with toothless punishment from regulatory bodies and relatively small fines. Most companies just offer some free credit-report monitoring to those affected, maybe have a "special" sale, and move on. While other studies say the cost of breaches is rising, it's still low enough that, apparently, it's an acceptable cost of business, and makes the cost of better prevention unappealing. Still, this isn't wholly a technical problem: human error remains an enormous threat, with "insider negligence" blamed in one study for 88 percent of data breaches.

Carlo Longino is an expert at the Insight Community. To get insight and analysis from Carlo Longino and other experts on challenges your company faces, click here.

5 Comments | Leave a Comment..

Ohio Data Leak Gets Pinned On The Intern

from the passing-the-buck-eye dept

You might remember the recent data leak in Ohio, where personal info on a million or so people was lost, after a storage device containing it was stolen from an intern's car. The intern, who apparently took the device home with him as part of a security protocol, has now been fired by the state, and says he's being made the scapegoat for the loss. Despite the governor's claims to the contrary, of course the intern's being scapegoated, even though he apparently was just doing what he was told. That's how things work with data leaks: the buck is passed, and responsibility shirked. In this instance, the state can say the responsible party has been fired, glossing over the fact that he was apparently just following directions he'd been given, and that the real problem here was a flawed security plan that was either devised by an idiot, or, more likely, by somebody who didn't take the security of other people's personal info very seriously. That's the problem here: nobody seems to care when it's other people's data. There are never any real ramifications from these leaks, as long as companies or governments are seen to have some security plan in place, even if it's not a good one. Until that changes -- and the scapegoating and responsibility shirking stops -- data leaks and breaches are going to keep on coming.

31 Comments | Leave a Comment..

Feds' Edict To Encrypt Hard Drives Gets -- You Guessed It -- Ignored

from the surprise! dept

Back in May, the Transportation Security Administration did its best to gloss over the fact that it lost a hard drive containing personal information on some 100,000 of its employees by putting out a press release about it at 7 o'clock on a Friday evening. Now, a few months later, it's disclosed that the drive wasn't encrypted (via Threat Level), in contravention of a White House order from last summer saying that all devices containing personal data need to be encrypted if they're taken outside secure areas. As we've noted, these sorts of edicts and guidelines are meaningless unless they're actually followed, and non-compliance brings real repercussions.

29 Comments | Leave a Comment..