Data Breach Round up : Last Month

June 12th, 2014 by admin Leave a reply »


 

To get overview of recent data breaches, we are summing up the challenges and solutions to prevent information and credibility loss.  All the excerpts are part of communication with Rapid7 global security strategist Trey Ford.

Data Points

It’s crucial, Ford says, to ensure that everyone in your organization is fully aware of the sensitivity of the data they may be handling. “A lot of people are posting data, they’re moving things around – they’re just trying to do their jobs – and for a number of reasons they may not always be aware that, OK, this is a list, this is a database, and some of this data is sensitive,” he says.

While most companies are aware of the importance of protecting clearly sensitive data like Social Security numbers and credit card information, Ford says other data can easily slip through the cracks. “We’re in a culture where it’s been comfortable to give out your phone number, your email address, your mom’s maiden name – and we’ve forgotten that with just a few more data points, you can go through and start creating fraudulent accounts or purporting to be someone else,” he says.

“Attackers are going to be like water – they’re going to follow the path of least resistance,” Ford says. “So it may be that a lot of your core systems are very carefully measured, but you don’t get to wash your hands and shrug off liability when you give sensitive data to external companies.”

Breach Communication

Ford says the recent eBay breach serves as a good example of the importance of responding to a breach correctly. “EBay has historically very heavily invested in great technology, great people. They’ve had a very advanced security program, they’re very aggressive with their measurement strategy, they’re a metrics-driven security organization – and I’m confident that their internal response was actually very swift and well-executed internally,” he says.

Encryption is the answer

Finally, Ford says it’s frustrating to see data breaches resulting from the theft of unencrypted laptops and USB drives continuing to be an issue. “Encryption technology exists, it’s pervasive, every major operating system in production used today has it or has it available, and it’s not even terribly expensive,” he says. “The challenge lies in the fact that it’s hard to manage. There are concerns about, ‘What if the admin leaves, or what if we get locked out of something?’ – and those are valid concerns – but those problems have been solved, they’re addressable, and organizations not using encryption should be the exception, not the rule.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Leave a Reply