Breach List 2008 Q2
The Identity Theft Resource Center, a San Diego-based company, released its Q2 data breach report list. The report has some interesting information; you can read it in full here. What I thought was most interesting was that 20% of reports were due to lost or stolen equipment and 15% were due to users posting sensitive information online. When you think about it, 35% of the problems could be mitigated significantly by education, policies, and use of encryption.
Of the 20% caused by lost or stolen equipment, it makes you wonder how many of those laptops or mobile devices “required” sensitive information to be stored on the system locally. How many could have accessed it from the company's secure network over a VPN? How many could have been protected with disk or file and folder encryption? How many could have been prevented with effective use of policies about managing sensitive information?
The 15% related to employees and contractors is something I expected. Two things are certain with security: nothing is absolute, and users will absolutely be the reason why. When it comes to the rapid growth and opportunity of the Internet, more and more people are going online and sharing with the world. This is the reason why Google Health makes me uneasy. With the world becoming much more open, it becomes that much easier for thieves to steal your identity.
Anyone also notice that health care (HIPAA) and banks (GLBA) have the highest increase while education, government and the military are trending down? I think this has more to do with laws and regulations like HIPAA, GLBA and state laws that require businesses to report data breach incidents, whereas that isn’t as much of a requirement for education, government and the military. The fact that health care providers and banks have the data that is most valuable to identity thieves makes them typical targets. Also, in most cases of a stolen laptop it isn’t about data theft as much as it’s about a thief stealing an expensive laptop.
One last point I would like to make is that, with all the media hype around “hackers”, it’s interesting to know they only accounted for 11% of the reports.
If you get a chance to read the press release, I would like to hear your comments.
