Data Security is Off to a Runaway Start in 2009
We’re already well into 2009, even though in many ways it feels like the New Year has just started. Yet, some new statistics on data security released this week show that the number of breaches and incidents is on par with or ahead of 2008, which was notorious for being the worst year for data security in history. So far.
Our friends at the non-profit Identity Theft Resource Center (ITRC) are still on the ball, observing, recording and measuring the impact of data security incidents on business. They’ve found that thus far in 2009, U.S. businesses and other organizations have suffered 83 security breaches, potentially exposing the records of at least 1.1 million people, according to an informative article appearing this week in InternetNews.
The ITRC report clearly indicates that the pace of data breaches continues to increase, much like an automobile accelerating at a high rate of speed down a hillside. And some businesses are like the hapless driver who left the car unlocked and in neutral, now running frantically to catch the runaway vehicle. The ultimate outcome can’t be pretty: loss of customers, severe damage to brand, angry stakeholders and potential fines for non-compliance or mismanagement of data.
The ITRC report also points out that the most common causes are largely what we think of at Redemtech as traditional for off-network incidents – breaches due to human error such as the loss or theft of physical data devices; ie: laptop computers. The ITRC’s Linda Foley was quoted in the InternetNews article as saying that in 2008, there were more breaches due to human errors than there were from malicious cyber attacks. That’s a humbling thought in a time when hacking, phishing and other cyber-crimes, including the alleged hack that is impacting Heartland Payment Systems, are grabbing headlines. The Heartland debacle wasn’t even included in the ITRC statistics because full disclosure of the number of people affected has not yet taken place.
Another significant news article on the topic of data security also appeared recently in
Small Business Computing. The article notes that ITRC data revealed that during 2008, only 2.4 percent of the organizations that experienced a breach had encryption or other strong protection methods in use. In fact, only 8.5 percent of the breached information was password-protected.
That’s hard to believe when you consider the serious monetary and public relations damage inflicted by most any data security breach, off-network or on. And a week doesn’t go by without more reports of incidents. (See the Redemtech News Bureau Data Security Edition) All of this comes on the heels of a new Ponemon Institute study that attributed 88 percent of 2008 data losses to internal errors.
It’s clear that 2009 is off to a rough start as far as data security is concerned. Hopefully, by the end of this year, more businesses will be on board with encryption and establishing the best practices and technology to make sure their important data is secure and compliant.
Comments