    Corporate Sloppiness Is the Real Culprit for Data Loss, Not Vilified Hackers

    By Lisa Vaas - March 28, 2007

      Expect to see the 2 billionth personal record compromised by year's end, according to recent research from the University of Washington. But don't blame it on rogue hackers; sorry to say, it's your own fault, Corporate America.

      Researchers at the university in Seattle estimate that electronic records—those containing Social Security or credit card numbers, academic grades or medical history—are bleeding out of North American organizations at the rate of 6 million a month so far in 2007—up some 200,000 a month from last year.

      Excluding the exceptional 2003 incident that involved 1.6 billion records stolen from information aggregator Acxiom, hackers have been responsible for only about 550—31 percent—of confirmed breaches between 1980 and 2006.

      The majority, 60 percent, of incidents of compromised records were attributed to organizational mismanagement. That includes missing or stolen hardware, administrative errors, insider abuse or theft, or accidental posting of sensitive information online. The balance of 9 percent of breaches were due to unspecified circumstances. Even with Acxiom removed from the picture, the commercial sector still accounts for about 252 million individual compromised records, four times that of the next-highest contributor, the government.


      In order to examine the role of organizations' behavior in privacy violations, two UW researchers analyzed 589 incidents of compromised data between 1980 and 2006 by collecting news accounts out of major U.S. news media outlets including the New York Times and USA Today.

      The researchers were Phil Howard, an assistant professor of communication, and Kris Erickson, a UW geography doctoral student. Their report, titled “A Case of Mistaken Identity? News Accounts of Hacker and Organizational Responsibility for Compromised Digital Records, 1980–2006,” delves into the flood of escaping records and some of the related dynamics and is due to appear in the July edition of the Journal of Computer-Mediated Communication.

      The authors say that organizations can probably be blamed for the management practices that result in administrative errors, lost backup tapes or data exposed online. Organizations aren't off the hook just because of a data compromise caused by an insider, though. “Even though an organization can be the victim of theft by its employees, we might still expect organizations to develop suitable safeguards to ensure the safety of client, customer or member data,” the authors write.

      In a press release, UW said that Howard and Erickson were careful to avoid double counting press accounts of the same breached-record incident that led to exposed credit histories and other personal information. In fact, Howard writes in the report that the researchers' numbers likely underestimate the number of data breaches pre-2003, when California's pioneering Security Breach Information Act (SB 1386) took effect. That law requires companies to disclose security lapses. More than 20 states have since adopted statutes modeled on California's.

      During their analysis, Howard and Erickson also found that SB 1386 and similar legislation are likely responsible for the number of reported incidents more than tripling in 2005 and 2006 compared with the previous 24 years, given that such legislation wasn't widely adopted until 2005.

      Besides the fact that laws are forcing organizations to report data breaches, another factor in the sharp increase in incidents since 2005 is likely the fact that institutions are maintaining a larger quantity of electronic data. Another possible cause of the spike in electronic record loss, and the one its authors found most plausible, is that the mandatory reporting legislation has exposed both the severity of the problem and the frequency of organizational mismanagement.

      The increasingly harsh punishments meted out for illegal hacking have actually allowed commercial, educational, government, medical and military organizations to avoid being held responsible for their lax attention to data security, the authors claim.

      How to turn the situation around is another question entirely. The report suggests alternatives such as setting stricter standards for information management, levying fines against institutions that violate information security standards and mandating the encryption of all computerized personal data.

      There are problems with such approaches, however. “The introduction of legislation to directly regulate institutions that handle electronic information would certainly be controversial,” the report notes. “A wide variety of agencies, companies and organizations manage personal records on a daily basis. This complexity would hinder the imposition of standardized practices such as encryption protocols. Corporations would probably balk at the prospect of having to pay fines or introduce expensive security measures and accuse the government of heavy-handed interference. Others might argue that the imperatives of free-market capitalism demand that the government refrain from adopting punitive legislation, especially in order to maximize competitiveness.”


      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.