Comments on: How many data security breaches will it take?

By: Dave Brown

Dave Brown — Wed, 09 Jul 2008 20:56:13 +0000

I agree with the laptop encryption. I am very fluent with PointSec and know about Safeboot and both are good products.
I cant say anything about Utimaco since I never worked with it.

I would not go with a M1cr0$oft full disk encryption because it has been easy to get around it.

If I worked for bank I would not trust online backup systems. One reason is you dont know the history of employees or the admins of the systems that have physical access to these systems. You cant say for sure that data is wiped above DOD standards or the drives are destroyed after they fail. Way to many things you would not be able to validate.

Lost or stolen tape backups, come on I know Veritas has a tape backup system that can be configured to encrypt the information written to the tape.

As for the amount of government agencies that have lost information…..That disappoints me and has for years. The government has been telling Health care and Financial institutions to secure the data and it turns out a majority of the agencies for the government don’t even practice what is being preached. Hmmm, do as they say but not as they do?

I’m done because I know I could go on for another hour but I don’t currently have the time. I’m busy protecting customer information.

By: Janni

Janni — Wed, 30 Apr 2008 21:06:59 +0000

The most devastating data security breaches are those involving organizations that maintain or transmit large numbers files of individual personal identities, such as names, addresses, dates of birth, social security numbers, credit card and other financial account numbers.

By: Bad Credit Remortgages

Bad Credit Remortgages — Fri, 25 Apr 2008 15:49:51 +0000

You think you have iy bad in the USA? Here in the UK the amount of security breaches have steadily increased this year. With 2 CDs going missing this year with 100,000′s of of personal details. And then the Ministry of Defence had more information stolen from a briefcase at a fast food outlet. In the second case it was a stolen laptop and hopefully the MoD were using some encryption.

By: bad credit remortgage

bad credit remortgage — Sun, 10 Feb 2008 11:27:11 +0000

150m is about half the adult US population. That’s a scary number.

You’re right about laptops too. It’s not only financial, but look at how many laptops the military loses each year with all sorts of juicy technical information on. And why does no-one ever encrypt their laptops?

- Gary Webber

By: Pasi

Pasi — Mon, 28 May 2007 08:28:53 +0000

>The newest two million bit >encryption, and all the security in
>the world isn’t going to help when
>an employee looses a laptop with
>sensitive information on it.

This is not quite so. The data loss in the cases above where a laptop was stolen could have been quite easily prevented by using modern full-disk encryption solutions.

If password security is not enough then use two factor authentication to provide even better level of security. Here are a couple of good software providers:
-Pointsec
-Utimaco
-Safeboot
-Others…

By: Chance

Chance — Fri, 25 May 2007 18:11:14 +0000

I’ll be the first to admit I don’t know much about regulatory compliance for banks and other financial institutions, but you think BoA would suffer some sort of penalty 5 incidents in 2 1/2 years?

It must be nice to have enough money to ignore laws because paying the fines is cheaper and/or easier than correcting the problem

By: Jennifer

Jennifer — Thu, 24 May 2007 16:56:05 +0000

One way to reduce the risk of data loss is by backing data online.

One excellent resource site for online backup and storage is:

http://www.BackupReview.info

Here, you will find the top 25 online backup companies along with 400 companies, daily news releases, articles and interviews.

Cheers,

By: Bjorn Snorrason

Bjorn Snorrason — Thu, 24 May 2007 14:35:26 +0000

>How we can stop all of this:
>The current focus on data security seems to resolve around PCI / CISP
>compliance and keeping data protected and properly stored. In truth, not
>storing sensitive data on portable devices would do far more good. The
>biggest reason of data compromise is stolen or lost laptops containing
>sensitive information on them.

The facts we have got to know of recent breaches certainly bear that out. Of course we can never be sure all are reported, although in certain US states there are now statutes requiring disclosure with breaches.

One of the aspects of encouraging responsible data storage practices is financial liability for those who were negligent. This was recently discussed at techdirt:

Will TJ Maxx Lose 77% Of Its Customers Over Data Breach?
http://techdirt.com/article.php?sid=20070412/181810&threaded=true

In that article, Jim Harper of The Cato Institute states that, “the average person, victim of the average data breach, suffers essentially no harm whatsoever.”

This is true but it ignores the real victims of this kind of theft – completely innocent online merchants.

They are the true victims of breaches such as these because unlike card holders or brick and mortar stores, online merchants are entirely liable for card not present transactions even if they are not at fault.

Without help to protect themselves, merchants are completely vulnerable, and liable.

As my colleague Thorsten says, the problem is that the costs of such breaches to online merchants is an externality to the card associations such as Visa and MasterCard, to the issuing banks and payment gateways.

Until they are help liable in the courts for the true costs to all of the parties related to data breaches (not just reissuing of cards), it seems doubtful that we will stop seeing these kinds of data breaches occurring.

Sad, but I think true.