BreachExchange mailing list archives
(semi-OT) The struggle to protect enterprise data
From: lyger <lyger () attrition org>
Date: Tue, 26 Jun 2007 22:34:21 +0000 (UTC)
From security curmudgeon (jericho_at_attrition.org)
From: InfoSec News <alerts () infosecnews org> http://www.infoworld.com/article/07/06/25/26FEdataprotection_1.html By Matt Hines June 25, 2007 Long ago, when businesses kept sensitive information locked away in file cabinets and safes, it was relatively cheap and easy to store valuable data and control who had access to it. Today, enterprises invest millions in security, storage, and compliance technologies -- all in the name of increasing visibility into where vital electronic information lives and how it is being defended. Despite those efforts, most experts and customers admit that in most companies the process of tracking down every piece of valuable company data -- and applying the appropriate tools to shield information from unwanted access or misuse -- remains in its beginning stages. The heart of the matter is visibility. Enterprises feel uncertain whether todays technologies are providing an accurate sense of where things stand or are merely creating a false sense of security. Seeing blind spots When forensic experts called in by businesses to investigate external data breaches and insider threats tell their stories, the traumatic events that lead to brand-trashing headlines and regulatory punishment are most often based in the business lack of knowledge of where its sensitive data is. Enterprises are improving their ability to safeguard the stockpiles of sensitive information they know about, admit investigators, but many remain blind to additional stores of important data or the flawed processes they use to transmit information electronically. Both problems leave them vulnerable to leaks and attacks. "In almost every case we've investigated where companies have experienced a serious data breach, the reality is that the companies didn't know they had the information where it was stolen from until it's too late and the data has been taken," says Bryan Sartin, vice president of investigative response at Cybertrust, a provider of managed security services that lists risk assessment among its specialties. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 209 million compromised records in 706 incidents over 7 years.
Current thread:
- (semi-OT) The struggle to protect enterprise data lyger (Jun 26)