funsec mailing list archives
Data Breaches Surpass 2007 Level, But Businesses Rarely Are Penalized
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 9 Sep 2008 09:37:59 -0400
http://online.wsj.com/article/SB122093405633914081.html?mod=todays_us_marketplace

Data Breaches Surpass 2007 Level, But Businesses Rarely Are Penalized

September 9, 2008; Page B9

U.S. businesses reached an ignominious milestone in August, when the number of data breaches disclosed publicly for the first eight months of 2008 already surpassed the total number of disclosed breaches for all of last year.

There were 449 publicly disclosed security breaches as of Aug. 22, compared with a 446 total in 2007, according to Identity Theft Resource Center, a San Diego nonprofit organization for victims of identity theft.

The reasons why businesses struggle keeping customer or employee data secure are many: Cyber criminals are adopting more sophisticated techniques for breaking into businesses; businesses are creating, storing, and sharing more data than ever before; and employees don't understand the value of the data that they work with or the myriad ways the data could fall into the wrong hands. All of these make tech security difficult -- but not impossible.

The real reason that data breaches are on the rise is that businesses don't have a real incentive to invest more than the minimum required in security, says Bruce Schneier, chief security technology officer at BT Group PLC.

"For the most part a company doesn't lose its data, they lose your data," says Mr. Schneier. Consequently, the entity responsible for the breach isn't the party that is harmed by it.

Victims are upset, but they are more likely to learn about the fraud that is committed in their name -- not the breach where a criminal obtained the data. They are often powerless to punish the business that exposed the record because they can't link the fraud to a cause, says Mr. Schneier.

At least 44 states have laws that require businesses to disclose data breaches. But a recent study by researchers at Carnegie Mellon University found no evidence that these laws actually reduce the incidents.
There are potential loopholes: Sometimes only businesses in certain industries must disclose a breach; or the breach may have to be disclosed only if a business suspects that the information will be used to commit fraud. Also, aside from potentially negative publicity, businesses are rarely penalized for a breach as long as it is disclosed. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.