Record Exposure Hits Milestone

NEW YORK -- This morning, the Privacy Rights Clearinghouse (www.privacyrights.org) reported that more than 100 million personal records have been exposed since the infamous ChoicePoint hack in February of 2005. On the occasion of this disturbing milestone, Application Security, Inc., (AppSecInc) (www.appsecinc.com) the market leader in database security, offers perspective on how data security must change as we prepare to enter 2007.

While the image of a computer hacker exploiting software flaws over the Internet from a foreign country strikes fear, the reality is much more complex – and ominous. In the past two years, reported data breaches more than doubled in 2006 when compared to 2005. The number attributed to “hacks” dropped, however, to less than 20 percent in 2006, from approximately 35 percent in 2005.

Massive data exposure often results from shortcomings in people, process and policy – as well as technology. As a result, AppSecInc CTO Aaron Newman recommends that vulnerabilities associated with data – not amorphous threats or specific technology weaknesses – be the critical starting point for ALL security initiatives. Mr. Newman is one of the foremost experts on database security and co-author of the Oracle Security Handbook. He suggests the following six steps are the right mindset for a security resolution in the New Year:

Mr. Newman adds, “The end of 2006 greets us with the cold, hard fact that at this level of exposure, we’re playing with fire. With each breach, massive and widespread identity theft is headed toward epidemic proportions. In the past, security was dealt with in an outside-in mindset, defending the walled garden from intruders. But in today’s reality, this leaves far too much room for error – or malfeasance. We must make 2007 the year of inside-out security – starting with the ultimate target of exposure, the database, and working our way out in a layered defense.”

Application Security Inc.