informa
Commentary

Data Breaches WAY Up In 2008; 90% Of Them Easily Preventable

According to a new Verizon study, 2008 saw more instances of data breaches than the preceding four years combined. And considering how easily most of those breaches could be prevented -- but weren't -- my guess is that 2008 won't hold the record for long.
According to a new Verizon study, 2008 saw more instances of data breaches than the preceding four years combined. And considering how easily most of those breaches could be prevented -- but weren't -- my guess is that 2008 won't hold the record for long.The new Verizon Business Security Solutions study of data breaches found 285 million individual records compromised as a result of 90 confirmed breaches.

The vast majority of the breaches, according to the study, stemmed from servers and applications, not desktops or mobile devices.

And a whopping 90% of the breaches could have been prevented by implementing and following standard, basic, fundamental security practices and procedures.

We're talking the real basics here, folks:

Change default credentials

Don't share credentials

Patch immediately and comprehensively upon patch availability

Review user accounts regularly

Terminate IT access thoroughly when employees are terminated

Log and monitor Web and application access

This stuff is so fundamental that the fact that it's not in place among the organizations breached is a reminder of just how lax, how sloppy, and how vulnerable our records are at some businesses.

Not yours, one hopes. Small and midsized businesses can learn a lot from the bigbiz mistakes that enabled (sic) the record number of breaches last year (a record that, my bet is, will probably be broken this year)

Take some time, now, to review your security practices, procedures, and policies from the ground up, making sure that all your fundamentals are in place.

And once that's done, keep an eye on them.

The complete Verizon Data Breach Report is here.

And speaking of fundamentals, bMighty's upcoming online event exploring Security On A Budget will be looking at affordable, practical ways for small and midsized businesses to implement and maintain the very sorts of security fundamentals (and more) discussed above. Register now:

bMighty bSecure is a virtual event designed to help your company stay secure in the most cost-effective way possible. bMighty and InformationWeek editors will bring together SMB security consultants, analysts, and other experts, along with real IT execs and users from small and midsize companies to share the secrets of keeping your company secure without breaking the bank.
REGISTER NOW!

Recommended Reading: