IT Security Breaches Soar In 2009

slak11 quotes from a Globe and Mail article on the jump in corporate and government security breaches year-over-year. (The reporting is from Canada but the picture is probably much the same in the US.) "This does not seem to be all that newsworthy these days, since stories like this are appearing on a regular basis. The one detail I did like — that seems to break from the traditional 'hackers cause all the bad stuff' reporting — is the mention that everyday employees are a major cause of breaches. The recent Rocky Mountain Bank/Google story is a perfect example. As stated in the article: 'But lower security budgets aren't the only reason breaches tend to soar during tough economic times — employees themselves can often be the cause of such problems.' I figure this will be an ongoing problem until company management and employees accept their role in keeping company information safe. And IT people need to understand that regular employees are not propeller-heads like Slashdot readers, and to begin to implement technology and processes that average people can understand and use."

Re:Oh no!

[plover]

Aha, I found that they have "number of records" metrics, too, as long as you're willing to harvest them out of their reports.

2009 YTD:
Total Incidents: 330
Total Records Affected: 138,772,156

2008:
Total Incidents: 703
Total Records Affected: 85,843,506

2007:
Total Incidents: 484
Total Records Affected: 165,184,031

2006:
Total Incidents: 530
Total Records Affected: 51,142,868

2005:
Total Incidents: 140
Total Records Affected: 55,988,256

So 2009 is indeed a "severe" year in terms of records lost. Again, though, these are totals of all reportedly lost data, regardless of how the data went missing. A backup tape with 100,000 records lost in a dumpster counts equally with a hacker stealing 100,000 credit cards from a web site, even though one loss clearly places the data at a higher risk for fraudulent use than the other.