
AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


AlertBoot Endpoint Security


Drive Encryption: Data Lost In Transit Is Now #2 Reason For Data Breaches

According to the Identity Theft Resource Center, hacking is now the leading cause of data breaches, followed by data lost in transit (laptops, external storage devices, USB flash disks, etc.) and insider theft (#2 and #3, respectively). All the more reason why encryption software should be used.

419 Publicly Disclosed Breaches in 2011

According to informationweek.com, the Identity Theft Resource Center (ITRC) compiled the numbers of all 419 publicly disclosed breaches in 2011 and found that the number one reason for a data breach was hacking (26% of all incidents), followed by "data on the move" (18%) and insider theft (13%).

While the report hasn't been released yet (informationweek.com got an advance copy), I think the report could be slightly contentious based on one passage:

Last year, data breaches triggered by hacking--defined by the ITRC as "a targeted intrusion into a data network," including card-skimming attacks--were at an all-time high, and responsible for 26% of all known data breach incidents. [my emphasis]

I'd still have to wait for the report to see the details, but I'm left wondering if card-skimming is really hacking.  It certainly fulfills the condition of being "a targeted intrusion into a data network" since ATMs are the public-facing endpoints of a network (banking, that is).  And it certainly is hacking, in the most traditional sense.

And yet, it just doesn't feel like it should be lumped in there with the likes of the Sony data breach, which I'm sure is included in that category (biggest hacking incident in 2011).

For one, the data was breached prior to it being entered into a network, or as it was being entered into a network. That is, it's not a case where the hackers obtained customer information because a company had weak security in place. Plus, it doesn't even have to occur at the ATM. For example, a rogue restaurant waiter network that uses tiny all-in-one card readers (such as in this demonstration) can easily cause a massive breach.

On the other hand, a data breach is a data breach no matter how, where, and when it happened, or whose lack of security awareness was being exploited.

Why is This a Problem?

Why does this matter?  News organizations are bound to run with the headline, since it's the first time hacking is #1.  Since people in general don't read the nitty-gritty details, people might make the unfortunate assumption that they should invest in hacking prevention solutions at the expense of other areas, such as using encryption software on laptop computers.

The thing is, the difference between 26% and 18% is not so vast that companies ought to be considering investing more in one area over another.  I can't blame ITRC for compiling its results in the manner it has, though.  Their focus is on providing "victim and consumer support as well as public education."  So, it makes sense for them to lump certain categories together, and guide the conversation as to what people should be looking out for, in order to protect themselves.

I'll follow up to see if my concerns are unfounded in a future post.

Related Articles and Sites:
http://www.informationweek.com/news/security/attacks/232400252

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.