This is crazy: with all we know about network security and how important it is to safeguard our data, companies are still not getting the message, so data breaches continue to increase. With the amount of information people give up online ever increasing, this has the makings of a privacy disaster.
Given an IT security landscape highlighted by regulatory compliance,
publicly-disclosed data breaches, and increasingly sophisticated
threats, we often ask survey respondents whether their organization
suffered a data breach in the last 12 months. ESG has probably asked
this very question in several research projects over the past few
years. In the past, about 30 percent of large organizations (i.e. 1,000
employees or more) claimed that their organization had suffered a data
breach within the last year. This pattern was fairly consistent from 2005 through 2007, so I
expected to see similar results when we conducted another research
survey focused on application and database security at the end of 2008.
I was shocked to see that things have actually grown much worse. In a
November 2008 survey of 179 North American-based security
professionals, 56 percent claimed that their organization had suffered
a data breach within the past 12 months. In further analysis, 61
percent of organizations with 1,000 to 5,000 employees suffered a data
breach in that time frame. It’s easy to assume that these smaller firms
are more at risk since they are likely to have fewer security
technologies in place and smaller security staffs. Perhaps this is true, but even bigger companies are suffering data breaches – 49 percent of organizations with 5,000 employees or more endured at least one data breach of their own.
So what good is it if I rotate my passwords constantly, encrypt my personal data, and am careful not to send $500 to someone in Nigeria so that they can send me millions? Once your data is out of your hands, it sits with some company that has a bottom line to protect and fails to include funds to hire competent IT staff to secure data and systems. Perhaps this bodes well for the idea of companies offloading their systems’ data to the cloud; that way a company that *only* holds data might be better able to secure access to it (maybe).