Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • Networking
    • Storage

    Protegrity Report Finds Citigroup, Epsilon, Sony Data Breaches Preventable

    Written by

    Fahmida Y. Rashid
    Published August 18, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      In an analysis of recent data breachs at Epsilon, Sony and Citigroup, Protegrity observed that cyber-criminals have shifted their focus from targeting financial information to stealing personally identifiable information, the company said in its report released Aug. 17.

      The personal information includes names, email addresses, home addresses, health data, passwords and even sensitive corporate information.
      Entitled “It’s Not Just About Credit Card Numbers Anymore,” the Protegrity report took a detailed look at the data breaches and concluded that personal information was “highly valuable” to cyber-criminals but “vastly underprotected.” The shift in targeted data is also a reflection of the improved security measures in place to protect financial information, Protegrity said. The report also found “clear evidence” that the same level of attention towards protecting the personal information of employees, and customers is not present in organizations.
      “Data breaches are spiraling out of control, and companies such as Sony, Citi and Epsilon are finding out just how expensive it is not protect customer data properly,” said Suni Munshani, CEO of Protegrity and author of the report.
      Protegrity looked at the malicious attacks to “dissect” each breach to determine how they occurred, how they could have been prevented and what victimized organizations should do next, Munshani said. Approximately 92 percent of all data breaches in 2010 were “relatively unsophisticated” external attacks, and nearly all of them could have been prevented or mitigated relatively easily, according to Verizon’s recent 2011 Data Breach report.
      “That is a stunning indictment of the data protection methods used by corporations today, even in the face of strict regulatory requirements,” Munshani said.
      While Epsilon has not revealed details of how the breach occurred, the Protegrity report quoted Jonathan Zittrain, a professor of law at Harvard Law School and co-founder of the Berkman Center for Internet & Society, who said implementing “the right security controls” such as a password, could have prevented the theft.
      Epsilon has improved its cloud security, implemented stringent access control rules through two-factor authentication and worked with Internet service providers to “build an unprecedented anti-phishing” tool, Munshani wrote in the report.
      Sony had deployed a robust perimeter prior to the breach, but neglected to secure the data in case malicious attackers managed to get a foothold into the network and become trusted insiders, according to Protegrity. The entertainment giant also did not receive an alert about the breach because it wasn’t running a full forensic audit system, but discovered it as part of a routine security scan, Munshani said. Citigroup likely was a victim of phishing or some other social engineering attack.
      Organizations should treat personal information as sensitive as if it was financial data, and keep careful eye on where the data is going at all times, Protegrity said.
      “Data security solutions like tokenization and consistent security policies would have prevented all of the three data breaches mentioned in the report and saved those companies tens of millions of dollars in damages and litigation.” Munshani said.
      The PCI Security Standards Council supports using tokenization to secure data for the payments industry. The council released its Tokenization Guidelines Supplement on Aug. 12 to outline what merchants can do to protect their data to meet PCI compliance rules, Ulf Mattson, CTO of Protegrity told eWEEK. Storing tokens can help reduce the amount of cardholder data in the environment, which would reduce the effort required to implement PCI DSS requirements, Mattson said.
      Under the rules published in the supplement, merchants considering tokenization should perform a thorough evaluation and risk analysis to identify the unique characteristics of their particular implementation, Mattson said.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.