Posts Tagged ‘Symantec’

Massive Data Breach at University of York

March 21st, 2011

The University of York (informally York University, occasionally abbreviated as Ebor. for post-nominals) is an academic institution located in the city of York, England. Established in 1963, the campus university has expanded to more than thirty departments and centres, covering a wide range of subjects.

The same university has now pleaded guilty to a massive data breach that involved publishing the personal details of over 17,000 students, including their cellphone numbers, dates of birth and qualification scores from previous examinations.

The breach, which happened in the first week of March, has also been reported to the UK data protection registrar, the Information Commissioner’s Office (ICO). As a preventive measure, the university has already apologised for the data breach and is also reviewing its security system.

So what exactly happened?

From the moment the breach occurred, the confidential information of students was exposed to public visitors of the university website. This meant that anyone could access over 17,000 records of all university staff, faculty members and registered students. This happened because the page was not secured with a password protection mechanism, which left the data openly accessible.

More concerning still, the emergency contact information of the students was also exposed, indicating that the breach was not limited to the students themselves.

University Registrar Dr David Duncan issued a statement which said: “We are also investigating all procedures and management systems and will undertake a thorough review of our data security arrangements. The Information Commissioner has been informed. I would like to apologise to everyone who has been affected by this breach.” David Duncan added, “We will contact these individuals over the next 24 hours to inform them and to discuss this matter.”

The data breach was first discovered by the university’s student-run newspaper.

The Information Commissioner’s Office (ICO) is conducting enquiries into the data breach incident at the University of York.

An ICO spokesperson said, “We will be making enquiries into the circumstances of this alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken”.

If found guilty, the university could face punishment from the ICO. The Information Commissioner’s Office has the power to fine any organisation up to £500,000 if it finds that organisation guilty of breaching the act.

Secure your Data with Alertsec

Worried by the above incident and think you could also be a potential victim? To avoid such incidents, following essential guidelines is necessary for data security in any organization. In an incident like this, which highlights the need for data encryption software and recovery software, the threat could have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Data Breach Costs Scale-up to over 7 million

March 11th, 2011

According to research conducted by an American agency, the average cost of a breach has risen by 7% and is now $214. The study, conducted by Symantec-Ponemon, also found that the cost of data breach incidents last year was $US7.2 million.

This was the 6th annual study, and it assessed the total costs incurred by data breach incidents. In total, around 51 US organizations were analyzed. Interestingly, average costs have increased year after year, and this is the 5th year they have done so.

Of all the breaches, the most expensive cost $US35.3 million. In contrast, the lowest was $US780,000.

According to Ponemon, “It’s not uncommon that people will say, ‘That’s a pretty expensive proposition and we might be underestimating it.’”

The breach incidents led to increased business costs such as loss of customer information and reduced employee productivity. Other contributing costs included notifying the people affected by data breaches and activities such as the detection and discovery of data breaches.

Francis deSouza, senior vice president of Enterprise Security Group, Symantec, said, “Securing information continues to challenge organizations at all levels, but the vast majority of these breaches are preventable. Organizations must not only protect the data itself wherever it is stored or used, but also create a culture of security including training, policies and actions. The results of this study show that companies with information protection best practices in place can greatly lower their potential data breach costs.”

Some of the other findings of the study are:

  • Per-record cost for companies responding early to data breach incidents is 54% higher
    Responding early to data breach incidents, i.e. within a period of one month, can actually cost you more. The cost for such organizations was $268 per record.
  • The most expensive incidents are criminal/malicious attacks
    Of all the breach incidents, 31% involved a criminal act. The average cost of these incidents was $318 per record.
  • Companies are more vigilant about preventing system failures
    On the positive side, failures caused by malfunctioning systems have dropped by 8 points and come down by 27%. This trend clearly indicates that organizations have become more conscious of, and more particular about, preventing and mitigating data breaches. They are adopting new security technologies and also ensuring their data practices comply with security policies and regulations.

Brian Tokuyoshi, senior product marketing manager for Symantec, said that deploying encryption before a breach could lead to cost savings. Data breach regulations vary by state, but organisations typically were not required to notify individuals when missing data is encrypted. “We’ve seen a lot of encryption projects get taken up after a breach,” he said. “That is usually too late. It’s not going to do anything to help data that’s already been lost.”

Secure your Data with Alertsec

Following essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident like this, which highlights the need for data encryption software and recovery software, the threat could have been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


SMBs Worried about Data Losses

June 25th, 2010

Computer software security and data encryption are two vital areas that organizations cannot afford to ignore. Symantec has released a new survey according to which many small and medium-sized businesses are worried about cyber attacks and data loss incidents.

For Symantec’s 2010 Global SMB Information Protection Survey, around 2000 SMBs in 28 countries were surveyed. The respondents belonged to the following two groups:

Computer Security Issues in Organizations

February 26th, 2010

If we are to go by the estimates and statistics of the world leader in security provision, the present scenario is a truly worrying one for the cyber security of organizations across the globe. Just a few days back, Symantec Corp released the findings of its global State of Enterprise Security Study, which surveyed over 2000 enterprises from 27 countries, including 125 from Australia and 75 from New Zealand.

The study says that security is the top issue for 43% of organizations in both countries, i.e. those in the ANZ region (Australia and New Zealand), and for 42% globally. Of the companies surveyed in both nations, 89% experienced cyber attacks in 12 months, against 75% globally. As a result, the attacks cost each organization an astounding $2 million a year on average, which is surely asking for trouble and far from healthy for the top officials of any organization.

The major losses reported are corporate data, theft of customer information (generally customer credit card or other financial information) and identity theft. Translated into aggregate costs, the top three were productivity, revenue, and loss of customer trust. Craig Scroggie, vice-president and managing director for the Pacific region of Symantec Corp, said the results reinforced that organizations were concerned about security. “It’s not only the financial impact to consider then, but the damage to brand and reputation,” Mr. Scroggie added.

According to security experts, a sudden increase in attacks is being observed for three major reasons:

  1. Organizations say their security departments are understaffed, despite assigning an average of 120 staffers to security and IT compliance.
  2. ‘IT compliance’, which for obvious reasons has proved appalling at times.
  3. Organizations going on board with new IT initiatives, which call for new security measures every time.

Another revelation from the survey statistics is that 94% of organizations are predicting changes in technology, which is not incongruous, and almost half that number, about 48%, are expecting major changes in the time to come. At a time when organizations like “Abu Dhabi Commercial Bank” are following the rule of thumb that ‘precaution is better than cure’ by establishing an infrastructure that provides 24-hour protection, Symantec has come up with recommendations for all organizations that make protecting infrastructure imperative by securing messaging and web development. It also suggests that companies have the visibility and security intelligence to respond to threats.

About Alertsec’s Computer Security Software

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution.


Social Networks, Spam & Data Security

January 26th, 2010

Barely a week ago, a Georgian family logged on to their AT&T mobile Facebook account only to gain access to a stranger’s Facebook profile. The glitch was apparently caused by a server software connectivity error. Another spam attack on Facebook was Koobface, a malware bot that took control of Facebook profiles and turned them into infectious zombies. Targets were lured into clicking on malicious links. In fact, these stories are classic examples of security breaches arising from access to social networking sites and related devices.

Social networking sites have grown in popularity ever since the term Web 2.0 was coined by the great Tim O’Reilly. Looking at Facebook’s numbers alone, it has grown by leaps and bounds and has now tripled its user base to 350 million. However, the rise of the social web also exposes us to an increasing risk of malicious attacks by spammers.

The latest 2009 security report released by Cisco raises some security concerns: according to it, spam in 2010 will increase by 30% – 40%.

If we look at some of the past incidents, the report doesn’t spring much of a surprise:

  1. Last November, researchers at Symantec’s MessageLabs branch mentioned that the DonBot network had begun sending spam emails in large numbers, accounting for as much as four per cent of total global spam.
  2. At the beginning of this year, McAfee raised similar concerns.

The type of risks

There is a multitude of risks involved with activity on social networking sites. The worst is that your account credentials could be hacked, leading to severe consequences. If a social networking site is infected with a spam script and you pick it up, it could lead to gaps in your data security. At times these attacks are so threatening that even your state-of-the-art encryption software and computer security software cannot protect you.

Going back to Cisco’s security report, it also provides key inputs on the potentially devastating combination of minor vulnerabilities, poor user behaviour, and outdated security software that can dramatically increase risks to network security.

According to Cisco fellow Patrick Peterson, “The blending of social media for business and pleasure increases the potential for network security troubles, and people, not technology, can often be the source.”

How to stay secure?

While it can be very hard to keep yourself away, a lot of common sense can help you avoid these risks from a user’s perspective.

  1. Never ever save your passwords on public computers.
  2. Do not write sensitive information such as credit card information or Facebook account details in public forums or groups.
  3. If you receive an email invite from someone posing as your friend to join a social networking website, do not click on the link without doing a cross-check.
  4. While on Facebook, do not install unverified applications or those released from unknown developers.
  5. As far as possible, ignore friend requests from unknown users.
  6. There’s every-chain
  7. Make sure that the privacy settings on your favourite social networking site are set to an adequate level.

You can download the full version of Cisco’s security report from here.
