Data Breaches Going up
IT Security published an interesting feature this week focusing on data breaches, their trends, the laws regarding such security breakdowns and the targeted companies. I thought some of the facts and issues they pointed out are highly important and worth being re-broadcast.
- The first law in the US regarding data breach notification dates back to 2003 and was issued in California. Since then, 37 states have enacted similar stipulations.
- In 2007, over 162 million records were stolen or lost. To appreciate how significant the growth of the past few years has been, note that in 2002 the lost or stolen records amounted to a little under 5,000.
- Big companies holding numerous private records seem to be the preferred target. Yet the cause of such breaches is not the thieves’ high level of expertise; it is human error that facilitates such attacks.
TJX, the parent of retail chains including TJ Maxx, announced the computer incursion in January 2007 and later disclosed in an SEC (Securities and Exchange Commission) filing that the incident involved data from more than 45 million payment cards.
Brad Johnson, vice president at SystemExperts, said he views TJX as an anomaly, suggesting most breaches stem from human error rather than an attacker’s ingenuity. “The fundamental problem is a lack of security awareness,” Johnson said. “Employees weren’t aware of the risk involved, so they didn’t take the appropriate precautions.”
The case of HM Revenue & Customs, the United Kingdom’s tax department, fits the human-error category. In late 2007, HM Revenue & Customs acknowledged the loss of two computer disks containing personal information for 25 million people.
- Criminal gangs stealing data get $1 to $10 per record. Therefore, as long as the attacks are profitable, they will continue.
- The first step a company should take is to identify what sensitive data it holds and where that data is stored. Such a step should make the implementation of an effective endpoint security and DLP solution easier.
- Another security measure would be to only process the data needed at a given time (e.g. a few entries as opposed to an entire Excel file containing those entries).
- Users and consumers should look more closely at the risks they expose themselves to when entrusting their private information to third parties.
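The "know what sensitive data you have and where it is" step above is the part a practitioner can actually automate. The following is an added example (not code from the original post or from IT Security) of a minimal discovery scan: it walks a set of files, looks for strings shaped like payment card numbers, filters out false positives with the Luhn check, and reports only the file name and a masked value, so the inventory itself does not become another copy of the data (the minimization point from the list). The file contents and card numbers are constructed sample values, not real cardholder data.

```python
import re
from typing import Dict, List

# Constructed sample files (name -> content). The card numbers are
# Luhn-valid test values, not issued cards; the "ticket" number in
# build.log is 16 digits but fails Luhn and should be ignored.
SAMPLE_FILES: Dict[str, str] = {
    "customers_export.csv": "id,name,card\n1,Alice,4539 1488 0343 6467\n2,Bob,6011111111111117\n",
    "build.log": "2008-03-17 build ok, ticket 1234567890123456\n",
    "readme.txt": "No card data here.\n",
}

# 14 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return the normalized (digits-only) card-like strings that pass Luhn."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def mask(digits: str) -> str:
    """Keep only the last four digits so the report does not leak the PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inventory(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each file that contains card numbers to its masked findings."""
    report: Dict[str, List[str]] = {}
    for name, text in files.items():
        hits = find_card_numbers(text)
        if hits:
            report[name] = [mask(h) for h in hits]
    return report


def total_findings(files: Dict[str, str]) -> int:
    """Total number of Luhn-valid card numbers across all files."""
    return sum(len(v) for v in inventory(files).values())


if __name__ == "__main__":
    for name, masked in inventory(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(masked)}")
    print(f"total: {total_findings(SAMPLE_FILES)}")
```

On a real estate the `files` dict would be replaced by a walk over file shares, mailboxes and endpoints, and the pattern set extended beyond card numbers; the two design choices worth keeping are the checksum filter (a bare 16-digit regex drowns the report in build numbers and ticket ids) and the masking, which keeps the inventory itself out of scope for the next breach.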