Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/21/2007
04:05 AM
50%
50%

Privacy Goes Public

While end users remain confused about online privacy issues, enterprises - and vendors - now make it their business

2:05 PM -- For years, "privacy" was something people kept to themselves. If you wanted to protect your identity, you kept your address to yourself, didn't give out your phone number, and asked not to have your Social Security number put on your driver's license.

My, how times change.

Over the past year -- and particularly in recent weeks -- "privacy" has gone corporate. In fact, we could now legitimately argue that corporations and government agencies place a higher priority on privacy than the end users themselves.

Don't believe me? Ask someone -- anyone -- in the British government right now. Over the past few weeks, the U.K. media has uncovered breach after breach in the country's government, revealing what could only be described as a systemic disregard for citizens' personal data. Officials are desperately struggling to right the ship, but a couple of top officials have already been thrown to the sharks. (See EED Appoints Iron Mountain Exec, UK Government Breach Exceeds Original Estimates, and Data on 3M UK Drivers 'Lost in Iowa'.)

And these sort of breaches are no longer isolated. In fact, research released earlier this month indicates that as many as 85 percent of companies have experienced a breach of personally identifiable information in the last 12 months; 65 percent have experienced more than six. (See Study: Breaches of Personal Data Now Prevalent in Enterprises.)

These breaches aren't just embarrassing for the officials involved. In study after study, consumers say they are increasingly avoiding companies that have experienced a breach. Such public scrutiny can't be good for business partnerships, either, especially if it reveals blatant disregard for security or privacy policies. Think about it: Would you really want to add TJX to your supply chain system right now? (See Breaches Cause Skittish Attitudes Among Holiday Shoppers.)

And consumers aren't the only ones who smell blood in the water. Vendors are making big business out of the privacy breach market. Who had ever heard of "data leak prevention" even a year ago? And now there's a burgeoning market for services that protect consumers' data as well. (See Amid Confusion, Market for ID Theft Services Grows.)

Yet, while businesses and government agencies begin to regard privacy with a much more serious eye, recent developments suggests that individuals actually are less concerned about privacy than they were previously. The rise of social networking sites suggests that online users are increasingly willing to reach out to strangers, sometimes with disastrous results. (See Google's Orkut Social Network Hacked .)

And in a new study by the Pew Internet Project, 60 percent of Internet users said they are not worried about how much information is available about them online. Only 38 percent of users say they have taken steps to limit the amount of online information that is available about them. (See Internet Privacy: No Big Deal?)

So has individual privacy now become everyone's business? Maybe not, but it certainly seems to be important business for enterprises, government agencies, and vendors. It's still not clear whether there's money to be made in privacy, but there clearly is money to be lost. And where money is involved, you can bet you'll see business stepping up.

— Tim Wilson, Site Editor, Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...