It’s been an interesting week in “Breachland,” with reports of breaches in all sorts of places: eyewear companies, auto dealerships, Universities with “password-protected laptops,” Dallas City Hall, and, unfortunately, a big German Bank.
We are already statistically well past any previous year’s statistics for number of break-ins, laptop losses, backup tapes stolen, and internal employee data theft.
And yet I still see organizations that blithely ignore data on laptops, don’t monitor or encrypt their backup tapes, and have firewall rules that are like Swiss cheese.
Security costs money. Organizations struggling to meet payroll don’t have the willingness to allocate resources to address logical security issues. “It hasn’t happened here!”
It will. The big businesses make it harder (not impossible, just harder) to hack in from the Internet, but small businesses online are becoming the focus of cybercrime cartels. Especially if those businesses have a back-door connection to much bigger organizations.
Many large organizations outsource their data to third party service bureaus, marketing firms, or connect via an Extranet. If the small organization has weak security, it provides access to the back door of the larger one. Something to think about.