Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/30/2006
02:28 PM
50%
50%

Our Data Isn't Secure, So What Are We Going To Do About It?

One of the great things about my job is that there's never a shortage of things to do. This is especially the case when it comes to covering data security. Before the ink is dry on one story about a stolen laptop or breached database, I find another one to cover. But this troubling trend isn't just a case of "good-for-me-bad-for-you." I, too, have been ensnared in the web of identity theft and data breaches. Where is all this going, and what have we learned?

One of the great things about my job is that there's never a shortage of things to do. This is especially the case when it comes to covering data security. Before the ink is dry on one story about a stolen laptop or breached database, I find another one to cover. But this troubling trend isn't just a case of "good-for-me-bad-for-you." I, too, have been ensnared in the web of identity theft and data breaches. Where is all this going, and what have we learned?In my inaugural podcast, I speak with Ted Julian, VP of marketing for Application Security Inc., and Jon Oltsik, senior analyst for information security with IT analyst firm Enterprise Strategy Group, about the growing problem of data insecurity that really kicked into high gear with the October 2004 fraud committed against data broker ChoicePoint.

The guests on my podcast were very insightful into the problems that both the private and public sector face regarding data protection. Julian was a co-founder of network security provider Arbor Networks and has worked as an industry analyst for IDC and Forrester Research. Oltsik founded Enterprise Strategy's information security group in 2003.

In the few days since the podcast was completed, I had the misfortune of receiving a letter in the mail from a company with the dubious name of Medical Excess LLC. Although I had no idea such a company existed, it turns out Medical Excess works with my company's insurance carrier to provide "excess" insurance coverage for myself and my colleagues. I don't recall asking for this, but OK. Well, not OK. Medical Excess recently had a camera, two laptops, and a file server stolen from one of its offices that, as they phrased it, "might concern personal information about you." Apparently, my info was included in a database with the equivalent of "one hundred million typewritten pages," and I'm now being granted 12 months of free service that will alert me of any unusual financial activity.

As it turns out, Medical Excess is part of a company that goes by the oxymoronic name American International Group Inc. That's right, the very same AIG that my colleague Charles Babcock and I had the pleasure of writing about in the June 26 issue. AIG made news recently when it announced that information about 970,000 individuals was stolen (in MARCH!). Three months later, I and my colleagues at United Business Media, InformationWeek's parent company, were notified. Gee, thanks. I wonder who's been having fun with my personal information in the meantime.

Here we go again. It hasn't even been a year since I sorted out my last problem with ripped-off data and fraud. I think it's safe to say I've dropped any "couldn't happen to me" attitude I might have had. Problem is, I don't see things getting better. Data breaches, identity theft, and fraud have been around almost as long as human beings, but the pervasiveness of the Internet and the market for stolen data have grown such that these crimes now affect thousands, if not millions, of people at a time.

From the look of things, we'll continue to see more data lost or stolen at an alarming rate until companies and the government make it a priority to inventory and protect important data. Support for this will have to come from the top down within companies, since it's the people at the top who have the power to set policy and spend the money needed to improve the situation.

So check out my podcast this holiday weekend while you're grilling up the burgers and the hot dogs. Julian and Oltsik have some interesting things to say about the state of data insecurity and what you can do to protect your company. Have a safe and happy Fourth of July.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16860
PUBLISHED: 2019-11-19
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an ele...
CVE-2019-16861
PUBLISHED: 2019-11-19
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated ...
CVE-2014-5118
PUBLISHED: 2019-11-18
A Security Bypass Vulnerability exists in TBOOT before 1.8.2 in the boot loader module when measuring commandline parameters.
CVE-2019-12422
PUBLISHED: 2019-11-18
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVE-2012-4441
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.