BreachExchange mailing list archives

Re: [Dataloss] E-mail Causes Most EnterpriseData Loss


From: "Al" <macwheel99 () wowway com>
Date: Mon, 30 Aug 2010 18:31:11 -0500

 

There are many kinds of breaches.  What we see via Dataloss is a sub-set of
the whole.

 

Dataloss seems more concerned with those that involve significant volume of
individual people's private data, not leakage of confidential corporate data
through social media.  But the fact remains that many breaches occur because
some employee sends via e-mail an attachment listing info on many customers,
including bank account info.  It is human error.  It happens a lot.  Much of
it could be prevented by outbound email security.  Many companies have
inbound email security because malware has been a problem for decades.
Outbound email security deals with a different set of risks, which top
management, in deciding what kind of security to fund, is less aware exist,
let alone what the risks are.

 

Here's such an incident on dataloss from a year ago:

http://datalossdb.org/incidents/1957-student-names-e-mail-and-home-addresses-phone-and-social-security-numbers-and-dates-of-birth-accidentally-emailed-to-wrong-recipients

Here's about 100 such incidents.

http://datalossdb.org/search?breach_type[]=Email

 

The last major event of this kind with high news coverage was when a Rocky
Mountain Bank employee sent an Excel with info on many customers to an
unknown gmail account.  It was not encrypted.  The employee should have sent
the info on only one customer to a known account, made several errors, then
sent a request to the unknown account, heard nothing.  The bank got a judge
to freeze that account, have Google confirm destruction.  There's no
evidence the bank checked with anywhere else the data traveled, such as ISPs
in between.  Here's a discussion of that incident to refresh your memory,
with links to related stories:

http://blogs.techrepublic.com.com/itdojo/?p=1031 

 

-

Al Mac

  _____  

From: dataloss-discuss-bounces () datalossdb org
[mailto:dataloss-discuss-bounces () datalossdb org] On Behalf Of Uzi Yair
Sent: Monday, August 30, 2010 5:12 PM
To: security curmudgeon
Cc: dataloss-discuss () datalossdb org; dataloss () datalossdb org
Subject: Re: [Dataloss-discuss] [Dataloss] E-mail Causes Most EnterpriseData
Loss

 

This report is a waste of valuable reading time but an attempt of a vendor
to promote email security.
There are 65,535 ports and they are saying the email causes most data loss.
I have been monitoring this group for a long while.  I do not recall the
last time there was an event from an email violation.
If indeed corporations were monitoring all 65,535 ports, then I would be less
skeptical.

Regards,

Uzi Yair | uyair () gttb com

5000 Birch Street, Suite 3000| Newport Beach, CA 92660
direct: 949 783-3359 | www.gtbtechnologies.com





On 8/30/2010 1:31 PM, security curmudgeon wrote: 

 
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=227101707&subSection=News
 
E-mail Causes Most Enterprise Data Loss
 
Breaches associated with social media, video sharing, blogs are also on 
the rise, finds Proofpoint study.
 
By Alison Diana
InformationWeek
August 30, 2010 11:07 AM
 
Although e-mail continues to be the primary source of data-loss risk at 
enterprises, the number of data-loss events associated with social media 
tools -- and related disciplinary actions -- continues to grow, a new 
study found.
 
In fact, 35% of large enterprises have investigated a leak of 
confidential, sensitive, or proprietary data via e-mail in the past year, 
according to a study of 261 large businesses by Osterman Research for 
Proofpoint. And 25% of the U.S. companies surveyed had looked into the 
exposure of such information via a blog or message board, compared with 
18% in 2009, the study found.
 
One-fifth of businesses looked into similar postings on a social 
networking site such as Facebook or LinkedIn, according to the report. 
Last year, 17% of enterprises took this step, the study found. In 
addition, 18% of U.S. enterprises investigated postings on media-sharing 
sites such as YouTube and Vimeo, while 17% looked into data exposure on 
SMS text or web-based short message systems such as Twitter, according to 
Proofpoint.
 
[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
 
Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
 
 



_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

