Corporate incompetence liable for most exposed records


Hackers get the rap for breached records in the popular press. But most of the time, the villain in the piece turns out to be lousy security opening the door for identity theft and stolen records.



If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record — some American’s social-security or credit-card number, academic grades or medical history — will become compromised, and it’s corporate America, not rogue hackers, who are primarily to blame. By his reckoning, electronic records in the United States are bleeding at the rate of 6 million a month in 2007, up some 200,000 a month from last year.

Malicious intrusions by hackers make up a minority (31 percent) of 550 confirmed incidents between 1980 and 2006; 60 percent were attributable to organizational mismanagement such as missing or stolen hardware; the balance of 9 percent was due to unspecified breaches.

The education sector, primarily colleges and universities, amounted to less than 1 percent of all lost records, but accounted for 30 percent of all reported incidents.

When the past quarter century is viewed in terms of the number of reported incidents, three out of five point to organizational malfeasance of some variety, including missing or stolen hardware, insider abuse or theft, administrative error, or accidentally exposing data online.

Even the simplest procedures get overlooked. IT should be the first people to know someone is going to be fired — so they can pull passwords and access before a pissed-off soon-to-be ex-employee can screw with the system.

Posted: Fri - March 16, 2007 at 08:47 AM