Except for the very paranoid, one of the main reasons why companies don’t take steps to better secure their data and their PCs is that they never think that their company will be affected by the issue. The next company is a bigger target. That other company has a bigger risk. They have already invested enough in security measures.
To test that theory, I took a look at the Data Loss Database managed by the Open Security Foundation (OSF). Every day, their project curators and volunteers scour news feeds, blogs, and other websites looking for data breaches, new and old. They search for incidents that need to be updated, or incidents that are not yet in the database. So while they collect data, they clearly do not have the ability or bandwidth to locate information on all data breaches. Their reports clearly undercount the extent of this issue.
However, it is a great sample to illustrate the breadth of the data security issue. Let’s look at the 20 reported incidents from May 2009. What companies were impacted? What types of companies were impacted?
- Information Company
- Community College
- Not-for-profit religious organization
- Government Agency
- Hospital
- University
- Government Agency
- Government Agency
- Car dealership
- Government Agency
- Government Agency
- Health Insurance Company
- School
- Financial Institution
- Union
- Financial Business
- Electronics Manufacturer
- Internet Store
- School
- Insurance Company
Sure, government agencies and insurance companies are high on the list. But a car dealership has driver’s license information, home addresses and financial data. A union has customers, namely all its members, and they have addresses, Social Security numbers and more. A not-for-profit is clearly not an organization with deep pockets for technology, but encryption is affordable compared to the potential losses.
If you have computers and you have consumer customers – you have the risk of having information breached. You may think this is a problem for “some other company” but the reality is that it is an issue for every company. We’re just showing the industry – but the actual company names are available on the Open Security Foundation database. Consider the low cost of data encryption versus being on the above list.


