BreachExchange mailing list archives
Re: [Dataloss] E-mail Causes Most EnterpriseData Loss
From: "Al" <macwheel99 () wowway com>
Date: Mon, 30 Aug 2010 18:31:11 -0500
There are many kinds of breaches. What we see via Dataloss is a sub-set of the whole. Dataloss seems more concerned with those that involve significant volume of individual people's private data, not leakage of confidential corporate data through social media. But the fact remains that many breaches occur because some employee sends via e-mail an attachment listing info on many customers, including bank account info. It is human error. It happens a lot. Much of it could be prevented by outbound email security. Many companies have inbound email security because malware has been a problem for decades. Outbound email security deals with a different set of risks, where top management in deciding what kind of security to fund, is less aware exists, let alone what the risks are. Here's such an incident on dataloss from a year ago: http://datalossdb.org/incidents/1957-student-names-e-mail-and-home-addresses -phone-and-social-security-numbers-and-dates-of-birth-accidentally-emailed-t o-wrong-recipients Here's about 100 such incidents. http://datalossdb.org/search?breach_type[]=Email <http://datalossdb.org/search?breach_type%5b%5d=Email> The last major event of this kind with high news coverage was when a Rocky Mountain Bank employee sent an Excel with info on many customers to an unknown gmail account. It was not encrypted. The employee should have sent the info on only one customer to a known account, made several errors, then sent a request to the unknown account, heard nothing. The bank got a judge to freeze that account, have Google confirm destruction. There's no evidence the bank checked with anywhere else the data traveled, such as ISPs in between. Here's a discussion of that incident to refresh your memory, with links to related stories: http://blogs.techrepublic.com.com/itdojo/?p=1031 - Al Mac _____ From: dataloss-discuss-bounces () datalossdb org [mailto:dataloss-discuss-bounces () datalossdb org] On Behalf Of Uzi Yair Sent: Monday, August 30, 2010 5:12 PM To: security curmudgeon Cc: dataloss-discuss () datalossdb org; dataloss () datalossdb org Subject: Re: [Dataloss-discuss] [Dataloss] E-mail Causes Most EnterpriseData Loss This report is a waist of valuable reading time but an attempt of a vendor to promote email security. There are 65,535 ports and they are saying the email causes most data loss. I have been monitoring this group for a long while. I do not recall the last time there was an event from an email violation. If indeed corporation were monitoring all 65,535 ports, then I would be less skeptical. Regards, Uzi Yair| uyair <mailto:uyair () gttb com> @gttb.com <mailto:uyair () gttb com> 5000 Birch Street, Suite 3000| Newport Beach, CA 92660 direct: 949 783-3359 | www.gtbtechnologies.com On 8/30/2010 1:31 PM, security curmudgeon wrote: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jht ml?articleID=227101707 <http://www.informationweek.com/news/security/vulnerabilities/showArticle.jh tml?articleID=227101707&subSection=News> &subSection=News E-mail Causes Most Enterprise Data Loss Breaches associated with social media, video sharing, blogs are also on the rise, finds Proofpoint study. By Alison Diana InformationWeek August 30, 2010 11:07 AM Although e-mail continues to be the primary source of data-loss risk at enterprises, the number of data-loss events associated with social media tools -- and related disciplinary actions -- continues to grow, a new study found. In fact, 35% of large enterprises have investigated a leak of confidential, sensitive, or proprietary data via e-mail in the past year, according to a study of 261 large businesses by Osterman Research for Proofpoint. And 25% of the U.S. companies surveyed had looked into the exposure of such information via a blog or message board, compared with 18% in 2009, the study found. One-fifth of businesses looked into similar postings on a social networking site such as Facebook or LinkedIn, according to the report. Last year, 17% of enterprises took this step, the study found. In addition, 18% of U.S. enterprises investigated postings on media-sharing sites such as YouTube and Vimeo, while 17% looked into data exposure on SMS text or web-based short message systems such as Twitter, according to Proofpoint. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.851 / Virus Database: 271.1.1/3102 - Release Date: 08/30/10 13:34:00
_______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- E-mail Causes Most Enterprise Data Loss security curmudgeon (Aug 30)
- Re: [Dataloss] E-mail Causes Most Enterprise Data Loss Uzi Yair (Aug 30)
- Re: [Dataloss] E-mail Causes Most EnterpriseData Loss Al (Aug 30)
- Re: [Dataloss] E-mail Causes Most Enterprise Data Loss Uzi Yair (Aug 30)