Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/21/2007
04:05 AM
50%
50%

Privacy Goes Public

While end users remain confused about online privacy issues, enterprises - and vendors - now make it their business

2:05 PM -- For years, "privacy" was something people kept to themselves. If you wanted to protect your identity, you kept your address to yourself, didn't give out your phone number, and asked not to have your Social Security number put on your driver's license.

My, how times change.

Over the past year -- and particularly in recent weeks -- "privacy" has gone corporate. In fact, we could now legitimately argue that corporations and government agencies place a higher priority on privacy than the end users themselves.

Don't believe me? Ask someone -- anyone -- in the British government right now. Over the past few weeks, the U.K. media has uncovered breach after breach in the country's government, revealing what could only be described as a systemic disregard for citizens' personal data. Officials are desperately struggling to right the ship, but a couple of top officials have already been thrown to the sharks. (See EED Appoints Iron Mountain Exec, UK Government Breach Exceeds Original Estimates, and Data on 3M UK Drivers 'Lost in Iowa'.)

And these sort of breaches are no longer isolated. In fact, research released earlier this month indicates that as many as 85 percent of companies have experienced a breach of personally identifiable information in the last 12 months; 65 percent have experienced more than six. (See Study: Breaches of Personal Data Now Prevalent in Enterprises.)

These breaches aren't just embarrassing for the officials involved. In study after study, consumers say they are increasingly avoiding companies that have experienced a breach. Such public scrutiny can't be good for business partnerships, either, especially if it reveals blatant disregard for security or privacy policies. Think about it: Would you really want to add TJX to your supply chain system right now? (See Breaches Cause Skittish Attitudes Among Holiday Shoppers.)

And consumers aren't the only ones who smell blood in the water. Vendors are making big business out of the privacy breach market. Who had ever heard of "data leak prevention" even a year ago? And now there's a burgeoning market for services that protect consumers' data as well. (See Amid Confusion, Market for ID Theft Services Grows.)

Yet, while businesses and government agencies begin to regard privacy with a much more serious eye, recent developments suggests that individuals actually are less concerned about privacy than they were previously. The rise of social networking sites suggests that online users are increasingly willing to reach out to strangers, sometimes with disastrous results. (See Google's Orkut Social Network Hacked .)

And in a new study by the Pew Internet Project, 60 percent of Internet users said they are not worried about how much information is available about them online. Only 38 percent of users say they have taken steps to limit the amount of online information that is available about them. (See Internet Privacy: No Big Deal?)

So has individual privacy now become everyone's business? Maybe not, but it certainly seems to be important business for enterprises, government agencies, and vendors. It's still not clear whether there's money to be made in privacy, but there clearly is money to be lost. And where money is involved, you can bet you'll see business stepping up.

— Tim Wilson, Site Editor, Dark Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark Reading,  4/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The dead do not laugh...
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11655
PUBLISHED: 2020-04-09
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-11656
PUBLISHED: 2020-04-09
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2019-20637
PUBLISHED: 2020-04-08
An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connecti...
CVE-2020-11650
PUBLISHED: 2020-04-08
An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3-U1. It allows a denial of service.
CVE-2020-11653
PUBLISHED: 2020-04-08
An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.