Tuesday, January 13, 2009

Data Breaches Up Almost 50% in 2008, ITRC Says; Insider theft accounts for significant portion of increase, study says

By Tim Wilson, DarkReading
January 13, 2009, 11:15 AM

Reports of data breaches in the U.S. rose almost 50 percent in 2008, according to a comprehensive report issued by the Identity Theft Resource Center on Monday.

The ITRC 2008 data breach report, which extracts data from several different breach disclosure sources, reckons that there were 656 compromises in the U.S. last year, up from 446 in 2007.

About 12 percent of the reports came from financial-services firms, up from 7 percent in 2007, the ITRC says. Financial institutions reported more than 18 million records breached last year. Overall, more than 35 million records were compromised in 2008, the report says.

Only 2.4 percent of all breaches involved data where encryption or other strong protective measures were in place, and only 8.5 percent involved password protection, the ITRC reported. "It is obvious that the bulk of breached data was unprotected by either encryption or even passwords," the study states.

Malware attacks, hacking, and insider theft accounted for nearly 30 percent of breaches that cited a cause, the ITRC said. Insider theft more than doubled between 2007 and 2008, accounting for 15.7 percent of the breaches.

Of the five industry sectors the ITRC has monitored during the past three years -- business, educational, government/military, health/medical, and financial/credit -- the financial-services industry had the lowest percentage of the total number of breaches, according to the report.

"The financial, banking, and credit industries have remained the most proactive groups in terms of data protection over all three years," the ITRC said. But financial institutions were among those reporting some of the biggest breaches last year. For example, the Bank of New York Mellon Shareholder Services reported 12.5 million records breached in two separate incidents in which third-party couriers lost unencrypted backup storage tapes.

Chronicles of Dissent, a privacy watchdog organization, offered a different take on the ITRC data.

"Whereas ITRC's analysis might lead to the conclusion that the financial section is the most proactive sector because they represent less than 12 percent of all breaches, inspection of the raw frequency data suggests a somewhat different picture: Reported breaches increased over 250 percent from 2007 to 2008," Chronicles of Dissent said. "That trend indicates that security in the financial sector is not keeping pace with previous threats and new threats to data security."

1 comment:

JohnFranks999 said...

Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – and people aren’t getting the training they need. For example: Microsoft patched for this virus 4 months ago. I like to pass along things that work, in hopes that good ideas make their way back to me, and as CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.