Data-Breach Costs Rising, Study Finds
BobB-nw writes to tell us that a recent study of 43 companies that suffered from data breaches last year showed the total cost of dealing with the breach to have risen to $6.6 million per incident. The cost is about $202 per record compromised for first timers, while the repeat offenders seem to have their mojo down and only suffer about $192 per record. With 88% of all data loss cases for 2008 being traced back to insider negligence, it's a wonder that a little upfront money isn't being directed at prevention; guess as soon as they idiot-proof it someone will build a better idiot.
BS (Score:5, Insightful)
Well, that's what they told the insurance company.
negligence (Score:3, Insightful)
Re:Sad thing is (Score:2, Insightful)
Although I generally agree that Windows is not the "winner" when it comes to running a server (or any business machine), it must be said that correlation is not causation.
As an IT Manager I say this: (Score:5, Insightful)
I find the problem has several facets.
1. Nearly everything requires Windows
2. Too many Windows applications want or require administrator privileges
3. Users like little gadget software so much they think they need them
4. Microsoft Internet Explorer (need I say more?)
Malware is ALWAYS an internal network security problem. You can bullet-proof your web site from intrusion all you like but when the threat comes from an internal machine on your network, you're done for. There are lots of ways to address the problem, but none of them make users or executives happy. For much data processing, I'd like to see a return of the green CRT and keyboard. They don't crash (easily) and don't get infected with malware and keyloggers. Sure, they don't tell you what the weather is outside, but this is sensitive/valuable data being processed. We don't WANT those things connected.
User technology culture is out of hand and does not address technical/functional needs.
Re:"idiot proof" (Score:3, Insightful)
Re:Sad thing is (Score:3, Insightful)
So who will need to pay me if my Linux box gets hacked?
And yes, a poorly configured/administered Linux system can get hacked into, just as easily as a Windows system.
The problem is a lot of these places that get hacked have a pathetic understaffed/underfunded IT team.
If you can get someone who knows how to use Linux, they can normally keep a Windows network secure too. But more often than you think these companies are run by the guy who currently knows the most about computers at the time and becomes the IT guy by default.
That being the case, the person who doesn't know what is going on will choose Windows by default without any consideration of other platforms. A good IT person may still choose Windows for its advantages over Linux but knows where it is weak and works to secure those points.
It isn't the OS; it is more who maintains the OS.
Re:Not surprising at all... (Score:3, Insightful)
Great, so to work for you, in addition to Linux/Windows certs, I now need a Johnson Controls cert, journeyman electrician's papers, and an endorsement for use of lethal force?
Only if you're applying to be a one man security ninja hero or something. It would be far more likely though to have more than one person, each with different areas of expertise.
Do you really want your net admin to carry a gun and/or taser backed up with a hammer? Just sayin...
Not at all. But I also don't want my net security team to be part of the same group that fixes broken PCs either. And the guy in charge of physical security... I don't want him fixing broken toilets, or weeding the flower beds.
That was precisely my original point. That elevating the 'IT department' entirely is a silly move. The people who spend their time finding lost icons for execs, clearing printer jams, and replacing toner and mice, etc actually belong in facilities management reporting to the same guy as the custodial stuff.