Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Data Breaches: The Enemy Is Us



 By: Lisa Vaas
2007-11-28
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The employment of human beings is the most common cause of data breaches.

Wondering whos causing all the data breaches? Thats easy: Just look in the mirror.

Or, as PGP Director of Product Management John Dasher puts it, its "the employment of human beings" thats the most common cause of data breaches.

Larry Ponemon, chairman and founder of the Ponemon Institute, told eWEEK that at least 80 percent of data breaches involve the human factor, a finding thats remained steady in the seven or so studies the institute has done over the past years.

Resource Library:
The most recent of these studies, titled "2007 Annual Study: U.S. Cost of a Data Breach," was released on Nov. 28. The study—sponsored by encryption software maker PGP and data loss prevention vendor Vontu—surveyed the experiences of 35 organizations across an array of 15 industries, each of which has suffered data breaches that involved from fewer than 4,000 records to more than 125,000 records.

Lost and stolen laptops and mobile devices still rank as the most frequent cause of a data breach: Almost half (49 percent) of data breaches in the 2007 study were due to lost or stolen laptops or other devices such as USB flash drives.

In fact, that number likely understates the problem. A lost laptop is hard to ignore, Dasher pointed out, but if a memory stick falls out of somebodys pocket, theyll tend to just go to the supply cabinet and grab another one without informing management that the organization has lost control of potentially sensitive data.

"One well-known security person said to me, Whos going to look at a memory stick and actually read it? Who s going to waste their time?" Ponemon said.

"I would," Dasher said.

Disregarding security policy is another common human failing often at the bottom of data breaches. The most recent publicly reported incidence was that of a Canadian laboratory, which on Nov. 20 admitted that a contractor had taken home a computer containing patient records. The contractor was contacted at his home office by a professed security researcher who told him that patient information, including HIV and hepatitis test results, were accessible off the contractors open Internet connection. An undetermined amount of patient records were involved.

"Think of legitimate behaviors," Dasher said. "A financial analyst goes into a secure database, legitimately. He does an extract of your top 1,000 customers. He slams it into a spreadsheet. Its no longer in a database, so database security is no longer at play. Now its on a server, or a laptop, or a thumbdrive: multiple copies of highly sensitive, highly valuable information floating around."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Data Breaches: The Enemy Is Us
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}r8vDZӮKm)XTFh)ئHIyž>fृ|TWϖ˖0$B"λ$i9cr3ݩkj΢.w߽ ![f8iTEK ]ߤ~Am;t =4mFNHB~}@~sfwD%x_'Щѩ&€wɄZIКؕ>}~qlv .pvLQmxuGѦ%xu)t(DHږyH6EGJߣ*C7 ݩx8/DeO؀HYɼM"h4"j>wn3 w2 X]~D42]pj:TN`UFfn KQFr[BL*- Dƞ4ICsh;Eýе }:|p 09juj=nfO-n@w0\'p}j b@rhưcIp'|2XpiGJj#ϟ~b[4G:ge~/7P7nǾ;s270XMXV6'`>6L(L|HBɤ:ѰħFr ˺Y4h4öۢCCٰo5RrXJyYr_ӽl˙=X\hӟoF/sj_.;gW(֝[pn+Va*.:^O.ac'H|'oDV)UjT:(¤Ԙ8r RM7Jqߨ+~ISC 40" J1zĢ>Q}?M-~k~>EF,sA4 衊Ġ+`WK2h\tܜ<_rt.O7=rڽ&'OvI; i OgfɗV?z'^=:$~~54Y01\ \^Kjg$NWm2 ᭫GcRdt,'90N`mYn_H!T|Y|ԛE34 i[2)>-L9X@.@שS 04'h,iV筱J+҄& )B:A`̺kR$9(8ȟk4R\ 9jb蚏)6K .7Rަ,|y"b4rݠQsSAEI7CD r23yB(&PHQ>Ly%Kuu7p@e-}rhNԖڂ1W|{g?H .Cuv}BzW^?]{68^%glh|.B2iK1QW5MGVOL絯Tf~X}U95zQnʼnl :2X bXP7HaQgtA`:)ҧ!>RӚMCqRO#Gs>2胎6mb8-" ,70}HOqI $o Qx٭lE%H_¤< ) FA=H:]6Z\?`c VCB뎂9{׿ergmMA(oInPX^0G`^@48`88ʼ E]uCb賀B=`Mtև &SsfPB P^!͘;eL nU]ޖgK<'*J/^r_OM)Hj`>T*7vZA\M1tϏE=kb$`~ ]Ѓ`!'|pf:g3?RlC4 $P+}ne0Ժ-Q - of Š%lDc@u^XԳtg~a?_XTNۋkʮtْ/hvpފ:fkDxF3fԑeӀP=Uޤ bZk;+P  ӸcsMD@knV2 &Omܑk}>fuE׏$ciy: Y8pS\SkHl4$*Paa0 S]JUlQԼ;< 1 ­r]ilu0q`*1Z3:uV*_;$!U7wIQ)kM8v9E1ǁ^{E[= F:07f/|P"8 y@*&Ozq  b h bAzqSE+n @oXL+*)Gqϟ  sWyGfZa0K=y:kR^KGVUJj5qvJ.΂wQ)4G  j}q:Moũ1FtYJo?u :tɕK-ޫp #.Z$ c?`W. _{kOhR9A} l#e{X~\W4Uud¹`Qеa#ECV8! P"7hV{eejڳt_KdwT |qCJhBH"DκԲ':*f56 0GnGWG$X c44} 2*zIe߯Y+t n)5# #2!qgrh)h'j*W vϷJh#VX[#WX xV IQ~gV ׆gyϤM͋hR|5y ,>s)~7'zER7ƹW<sƇ~ڷBYHjF N|9~ܔyeb@mjE@?}誦URCm2YhSYpg#ؚIκV}l,On?{JLAh5xb==#ݸy?,`YE8&}+砩gsɜC/wܒ;!+̀X'W-7|8)B/|%|j0NyT!"kq0n #8wDA۝⢟df?]ou*Z-Yi {2 t9t=d}k?pYOUU^SG<:H3$_@hOXM ]?+7ỨfRvQLlv_*|) B5@uhrGSYI {Q\L Cn/$h@^!1Mu(@=Ү&tƝ.W y*6a2N8[knI"G: aTCnƭj@iuI+KZ =2AQtA*}/*\DIv3ҿ﩮 BGDS[Uts)xT-kZl[Ԫw>"iq=C IZP+{),%~W9@` |ZUj r22DBZNBq'߾l[D m‚'T&.n_B&WF@"'!Z43,qvëJUVqe^?2Z cS7WwvZ]}{?" }M Apفf#;?Jn:'R>i/.: st'_u{~{y@Dмy֏S %<jԹ~<:m~l19|ˁWM $(XqCOճ2urҹ|/]whg~py# @@W~Bh]\/~wϻ!9\txx\C R?!pSv::b3ڌ6NJ,#|qaxKiWb@ űtOלX0z.ӱB3ZOUc)|F ڠj+: wos_,ĨChpF1xc|o}A\d~j_eԉ)%2 \({6-~G( cdQ(S1T$-zbeanKlx0e9RȔ&=I8 z>SB&Դ˓4-i^yqj ieʒ~(h' ۡX!қ].7G8 (OMkzisy/Ps~%3 TgKEҊ Pk qbG-g+y--E#]}+ iN,#zSa!J fR_,wuO5mOwX{Er?gF'q?Iȸt2Ti '3X6 w{ѺB ?݁C5^]s>ͥ=`L8M\gwhNPD(Vp)c24,`ul2Èǥ̷rt?K.}:﷯Is 09j~%H@2othCk7yEO>O4wX]{'NE S7N{mda}?H+Fis(!X4vdLc!I )VԺ5w7`ʜ9%'+Txr1Ϣ(oP2^:pO¤%sc}d}ݸw[f1rifwaoJP>I.=]awQ;ݝ{͞6vYiEe9s\ -"nǸZ㽤|>O90)7=E$/Af} mD.Ekg[D:*tcxO||nF?m?C4ȥN4=v7w6BfP EV1a+ }kMH!q` k c*Yv4.߮ B;FJX<N>۴rUCaUk§ ,'iƿ_Wc#ޚU>9dHxӗOmRS]L8 tQ%nw@cvg!4Cwυ bLRNE.=]t-./-[䂟yx3<]on!"~Crߧ;{R=$7KA)kR{ 88lMꅮ)E{2ZII}3aW~WaGl[z@^83-*1gA?Xןj͗*䉦y b?N”RHes{r[dlLxc9Ȝ 9p㕅>e`yFJP|iol7)my&%-? :˘2lb~̽b ׄ }@%-tƻ$6|p,vYD"Dc}oDZS{ζ\N~lOӚ0,43K:uW)OjjC\Kv3(]y%.J_Xa @, 1s2rnnRUOvI+1ƭ?qm34)Nxa |H_0dF؏>HG>3I#m62GG"oeC0a5\ExQ_^?f~V4Rc4P,r7`BLKpgq˂B4; +r6$(a@HU&Y JE?Nm򅭈.kKYXt0P>S@z,$בڟ0ߣk1tf3\C]mk1`{C# jK[EU_I'~mSbcMonbyt)Ztj$_`Nc_&RV9dǜpp,k$ Iȯ^5VDsW`u)%vp Wy"''''?iRD6CzJc)EFMRa~^Ջlv?Zc5%^Ω}=Gp!"A$ D.rGS[/3^ސ/Ds(9>SąU"^%5(#unnVoC2(d|[녒cw+`)-,J-x$t8|5h>u008kJ)BzUP7GUVmHppr<yɰZCߢ#~0(|_U ,?;ӭ5BJdz; DoIh onHSW`yJ'9ey1r#k]LǣCqgạ̑l%J"b|=>Egؐ^ˮ϶Aس*BD~$2'h!g`j6usRBUL1@$=qdc)pgfA $ 5 DRI844*Wwi_*4LLLLLMzkZvq2x 򛇸@jQNlX)an&i7V z˨ Y5檒@QuĶLQt rL:M\W@2+aGKF\KӍvV;0BՕk ل L0zti3q/}ڊᩊ$nn&|\ґ@C nWZ)xoYI' zHOFn8hQ/;Re%0Sԫ86yY`SX[sjt'VS國R098^gYJ z~b= a*B 'UNz ԣ:BM.ŷXWU"j%gxkѵq/賚bfچX50^Vz^3vX5nZVںRqwz2Ko^qDs5d0ںs!CjLx>ڢ2TXX8I@!gZSe԰p-S| Y?*²F ifЮzV-w_\)5^V3q}7So-$!Z#xم5IK\ɨ':gۍY3JE+ۺo?=0pX*@ELni)eeO}K[e7_跔o1Q r|jXo7zvca\ H|o5A¯q{m>:b9ә6:u_ai*pM[d{=y-jP]#/7ڳbxdWY&9\d3+nVTm}yV9F x>3Kg,׏;G KG53?b)m*,}W0~2FԞk}KG6 Uh5Mfi+xd5k)sL!E TЍB9Ϫ͒;IoP}sY?e=a ' u3u?|{qBJ=Lm~Cѽ*X2;m^&OR#:&0* >LwAG>p<|SR=U%= hp~ڀkcEl~%:xd B6ɝ=F&s؏p 3$.lT""a=X@2>ndeH4]YUc `xK!f꜓M﷯{aGtg(-$=:J.Am:;A4I8N^wjL (]AxS; #x7tX$l.c₶A~!WC< l \ZP4ei:oFeOWJhQݹ!?1! g@L-Fa4iAX#hBGH[1~s?cMNsxXҚ ^C. > 5HJ 1шb10xװÞ1/>/ry2gSN S~909{ s?09ׅws͑?]/rqCWU@?9Ӄr߃r_P>'(W3OO9rߛorڿɡ=>k]T(RhK "S^9,.Os[x+c6Ds_tm\fH6T<'U~ m'mTώ;]: v岮nG\^D_x*$ ]vu$$}9= Z޳ZoTù(GCuhJ XN~ƒ_ 6#,zHTPsHOmM\-On\{&|   >%Ͷ cf\gHQ)xG7U@/7A{} r@cEߟ2"L)Ԧ?MSw)+],by Y3M` p#Q#*^g ͜5%S+~`[wt)(5x2;v͆Le(\v /-GyJ~Q.t 7tli @J]= m73T|` GYe`Z+r k5-E6<]܈XCx?ƽnb@R^H3LN*s=*)ve6r!*l XGڦJ-Qa[Ajb=x辉=e-{B7V0* ܋;ξV^f#9uOR6ȴ{ y 2 !ɴyye~҅N*I,f`aQd+$*)ؐW k`4bV@1,,oԟN*)Asa#El [ApN7\29Lg#3E~2㡺_0U9sm j VW6xozc|[wD,5ba:(= zBk|XK]s&&tĵa}ar8Lt4QS|J)Km)胇Ƚoz^ɴjuXXC *f"ODNű<<*IDy)V f@ȟ83}E.tʢp7*Ѡ,jU z' l5mEgl(3W'J^R۝wz"f/F)SذM*i29?R{) q%֋bmTʩItlǝlr n!%c]&ŮMvbesmN)