IT Security Breaches Soar In 2009

Posted by kdawson
from the inside-jobs dept.
slak11 quotes from a Globe and Mail article on the jump in corporate and government security breaches year-over-year. (The reporting is from Canada but the picture is probably much the same in the US.) "This does not seem to be all that newsworthy these days, since stories like this are appearing on a regular basis. The one detail I did like — that seems to break from the traditional 'hackers cause all the bad stuff' reporting — is the mention that everyday employees are a major cause of breaches. The recent Rocky Mountain Bank/Google story is a perfect example. As stated in the article: 'But lower security budgets aren't the only reason breaches tend to soar during tough economic times — employees themselves can often be the cause of such problems.' I figure this will be an ongoing problem until company management and employees accept their role in keeping company information safe. And IT people need to understand that regular employees are not propeller-heads like Slashdot readers, and to begin to implement technology and processes that average people can understand and use."
This discussion has been archived. No new comments can be posted.

  • by religious freak (1005821) on Tuesday September 29 2009, @07:28PM (#29586897)
    The one thing I don't understand is, why don't we actually see MORE breaches in data security than we do now? I mean like real deal, big time, Italian Job / Oceans 11 type stuff. Yeah a little crime here and there, ok. But with IT pervading every major monetary transaction, people in the know could essentially steal an infinite amount of money.

    Really, even if you amalgamate enough talent to become 1/4 of a state actor in terms of budget / knowledge, you could make all kinds of money, XSS, SQL injection, social engineering, etc. I'm really surprised we haven't seen a major IT heist yet.
  • Re:Oh no! (Score:3, Interesting)

    by plover (150551) * on Tuesday September 29 2009, @08:27PM (#29587453) Homepage Journal

    Oh no! This is nothing like fact-based reporting, either.

    Look at the graph on the banner of OSF Dataloss [datalossdb.org]. That banner, right across the top, shows the number of reported incidents, month by month, since Feb 2007. The 2007 average seems to be in the mid-40s. The 2008 average seems to be about 60 per month. The 2009 bar graph is steadily sloping downwards, starting from a high of 61 incidents in February dropping down steadily to 23 last month and 16 this month.

    To be a bit more factual, you can visit the statistics. [datalossdb.org] That shows the progression from 2005-2009 looking like this:
    2005 140
    2006 530
    2007 484
    2008 703
    2009 331

    Nothing in the statistics even remotely seems as bad as last year, and this year's pace seems to be trending towards even fewer breaches than 2006's level.

    I call shenanigans on this report!

  • by Penguinshit (591885) on Tuesday September 29 2009, @09:20PM (#29587831) Homepage Journal
    The best way is to remove the users' ability to do damage by enforcing tight GPOs, blocking access to certain types of websites, denying the ability to install software without your participation, blocking certain ports at the demarc (ingress and egress), enforcing automatic patching and virus data file updates, etc.

    It seems draconian but once they get used to not going to Facebook or eBay or playing Elf Bowling during work the whining settles down. Oddly enough most of the grumbling comes from the PhDs (who should fucking well know better) and not the administrative staff.

    User education helps but only to a narrow limit and degrades fast. You need to make internal security breaches an overt hostile act, which in normal commercial companies is extremely hard to prevent without also retarding the ability to get work done.
