in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: UK Companies Report 356 Data Breaches In Less Than One Year

A Freedom of Information request has revealed that UK CIOs have reported 356 instances of data breaches since November 2008.  Of these, 222 instances (60%) would have been fully preventable via the use of drive encryption like AlertBoot.

The 222 instances I mentioned include the loss or theft of hardware (memory sticks, laptops, etc.) and any instances where packages were lost in transit (such as by couriers).  The story has had enough of an impact that several sites are covering the story.

Self Reported And Increasing Instances

The breaches are self-reported, so it stands to reason that the figures are underreported, either because companies don't want the publicity--and think they can get away with it--or because they're not aware of a breach, or the legal requirements to report it.

The FOI request also showed that there were 546 total incidences beginning from October 2007.  Simply put, the total incidents have increased on an annual basis.

Tim Holyoake, lead technologist at Software AG, the company that requested the information, noted, "The chronic problem of data loss should be in decline, and not increasing, as these figures seem to indicate."

Personally, I beg to differ.

These Are Increases In Reporting

As noted before, these numbers are self-reported, so there could be other factors for their increasing numbers.  For example, actual breaches (regardless of whether they are reported) could be approximately the same, year after year, but,

  • More people have decided to become honest recently (not likely)
  • More people have become aware of the legal responsibility of reporting breaches (much more likely)

Of course, asserting that actual breaches have increased is as valid as the above (maybe even more so).  But, when you consider that it was only two years ago that laptops outsold desktops, it could just be that breach incidents are increasing because laptops and memory sticks are selling like hotcakes.

In other words, if one million laptops were sold and there were 100 breaches one year, and the next year two million laptops were sold and there were 300 breaches...well, the rates are the same, at 0.01%, even if the actual numbers are not (remember, in this example, there's about three million laptops out there in total).  I'm not saying that it's justifiable, but one could argue it's not an increase per se.

There's also the problem that we're only measuring breaches in the above case.  Meaning instances where stolen laptops that used encryption to protect its contents are not factored in.  With more devices being sold each year, we've biased the report to show increases in breaches: the actual rates, when including protected devices, could reveal opposite trends--that is, the loss of laptops have increased, but because a majority of them used encryption, the number of potential breaches are not as bad as it could actually be.  (Yeah, it's probably wishful thinking.)

I won't argue, though, that I'd like to see more companies using data protection tools like encryption software in anticipation of any breaches, instead of deploying it after they've had a breach.

Related Articles and Sites:
http://www.theregister.co.uk/2009/10/27/data_losses_growing/
http://www.infosecurity-magazine.com/view/4800/uk-cios-reported-356-data-loss-incidents-last-year/
http://www.computerweekly.com/blogs/read-all-about-it/FOI-Request-Software-AG-26-Oct.pdf
http://www.computerweekly.com/Articles/2009/10/26/238297/stolen-laptops-biggest-danger-as-extent-of-uk-data-losses.htm

 
<Previous Next>

Data Encryption Software: CalOptima Loses Unencrypted CDs

North Carolina Data Privacy, Data Breach, And Encryption Law

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.