The Business-Technology Weave

Sep 25 2012   1:59PM GMT

94 MILLION Personal Files Exposed: Sobering Statistics Regarding Data Breach

David Scott

According to security firm Rapid 7, approximately 94 million personal files of Americans have been exposed by government agencies since 2009 – those that we know about, that is.

There are likely even more, given the fact that many states do not require agencies to report breaches.

As to the Feds:  According to a recent Government Accounting Office (GAO) report, 18 of 24 surveyed Federal agencies had poor security controls, deemed not of sufficient standards for securing our personal information.

Private business has nothing to brag about either.  Breaches were up 58% in 2011 over 2010, and 2012 will beat last year.

None of this surprises me:  From a recent visit, I know for certain that a certain high-profile Fortune 100 firm simply does not enforce their policy requiring all users to log out of computer systems at end-of-day, or during extended absences from their desks/work areas.  It’s rather extraordinary:  People who are gone for the day remain logged in throughout the office, with a variety of proprietary, confidential, client, and personal information displayed.  So much for systems that employ individual and group securities, and associated access/enablements.  (Lest anyone wonder why automatic logouts are not employed, I wonder too). 

IdentityForce™ estimates that 86% of data breaches are not IT-related (that is, due to faults within IT systems, processes, or protections), but rather are due to lapses in policy and training.

It has always been my view that matters of human error, and simple lack of care, are the better part of so-called “breaches” – and in those instances are better described as data exposures.  Regardless, organizations seem to be at increasing risk, rather than decreasing, for allowing sensitive data to reach the wrong parties. 

Is your organization at risk?  It’s time for a survey – even if you feel you’re fairly tight.  Survey your environment, and you can pretty much figure that your Acceptable Use, Security, and Disaster Recovery plans, policies and postures are due for modernization and updating. 

Then train your personnel for appropriate behaviors and contingencies…  essentially, today, everyone should be a virtual security officer…

Keep this important BTW tenet in mind:  In the realm of risk, unmanaged possibilities become probabilities.   

2  Comments on this Post

  • ToddN2000
    With PC features like screen savers that require a password to wake up and the IBM I-series system value for setting the inactivity timer to log someone off the system, there is no reason not to tighten up these avenues for preventing unauthorized use of another PC. The rules just need to be enforced. I would gladly take an extra 10 seconds to key in a password to log back in knowing my data was secure.
