BreachExchange mailing list archives
Plug the holes in your cone of silence
From: security curmudgeon <jericho () attrition org>
Date: Wed, 30 May 2007 05:29:35 +0000 (UTC)
Courtesy ISN:

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.theage.com.au/news/security/plug-the-holes-in-your-cone-of-silence/2007/05/28/1180205158743.html

By Cynthia Karena
May 29, 2007

DATA loss is a significant factor in modern business, dependent as it is now on electronic systems. And it occurs in many ways, some inadvertent, some through stupidity and some criminal.

One organisation accidentally puts its sensitive market research report online before it has been approved; another can't find data that has been requested by a government department. Others lose laptops, unwittingly send confidential information in emails, or give contractors too much access to internal data.

This is lost data and its impact on a business can range from financial loss, to damage to its reputation, potential loss of customers, or even imprisonment if there is a breach of corporate governance.

[..]

And then there is the human factor. "Data loss occurs primarily because of people," says Mr Baar. "Most information loss is through inappropriate behaviour - someone talking about it in the pub or a lift, for instance. People could go to a cafe with, say, patient records and leave them behind."

[..]

"Everybody always underestimates the likelihood of data theft. It is usually unreported, which (distorts data on occurrences) but given the choice of attempting to hack an organisation from the outside or getting inside to its soft centre, you would always take the easiest option. External hacking is uncommon now, because it is too difficult. It's easier to find an insider through money or threats," Mr Baar says.

What about disgruntled employees taking information with them when they leave the company? Mr Lancaster says data needs to be locked down. Departments should be able to retrieve only their own documents.

Finally, says Mr Walls, organisations should not reveal their security controls to their own personnel.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 208 million compromised records in 675 incidents over 7 years.