Sister CISA CISSP

Feb 5 2009   6:12PM GMT

I Need a Really Big Stick



Posted by: Arian Eigen Heald
Tearing My Hair Out, TCM (Truly Clueless Management), Data Breaches

The Ponemon Institute (I keep wanting to say Pokemon, don’t you?) is about to release its fourth annual study on data breach activity.

What differentiates this report from the study provided by McAfee? Well, for starters, it’s not a security company telling us we should buy more security products. I have learned to tune out reports from vendors over the years; there’s just a little too much self-interest at play.

The other interesting thing is that the Ponemon study looks at the activities of companies that have admitted a data breach. So their study uses harder data and is based on corporate activity (or lack of it, as it turns out) in response to a breach.

Here’s a couple of quotes that rocked me:

More than 84 percent of all cases examined by Ponemon were repeat data breach offenders.

Hello? When did losing data become repeatable? And acceptable? And what about responding to the breach? Here’s the other statement:

Only 49 percent of respondents are creating additional manual procedures and control processes

So the other 51% are doing the same things they did that got them hacked in the first place. No wonder there are repeat offenders.

It is time to acknowledge that these breaches are not isolated incidents that happen by chance, but more likely a pattern of poor controls.

Where’s a really big stick when I need one?
