No great surprises, but a new survey, Securing Outsourced Consumer Data, commissioned by Experian Data Breach Resolution and conducted by the Ponemon Institute, reveals that many organizations (46%) do not evaluate the security and privacy practices of vendors before sharing sensitive or confidential information. The survey polled nearly 750 individuals in organizations that transfer consumer data to third-party…
Category: Commentaries and Analyses
Crowd-sourcing an idea for a law
Thanks to partisan politics and intensive industry lobbying, we have no strong federal breach notification law. This, of course, is not news to my readers. But in light of (1) Congress’s current interest in cybersecurity and sharing of information, (2) the fact that up to 40% of breaches are first detected by members of the…
Should the penalty be for the data breach or for aiding and abetting fraud?
Philip Virgo writes: I have just had interesting feedback from a number of CISOs on my posting on the EU Data Protection Directive. Some are still stuck in the past, adding yet more electronic nappies to cope with severe cases of data diarrhoea. Others are seeking to make the transition to a future where attack is…
What can we learn from a statistic that 1 in 4 recipients of breach notification letters become victims of ID fraud?
I haven’t read the new Javelin Strategy & Research report because it’s pricey, but their press release on it contains some of its key findings. Of note: … nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging. If 1 in…
GAO Report: Americans’ Information Not Adequately Protected by Census Bureau
Kevin Glass reports: The Government Accountability Office released a report this week with a scary conclusion: The Census Bureau, tasked with collecting personal information on every single American, has not adequately protected this data. Specifically, the GAO found, the Census Bureau is not fully prepared in cybersecurity, making Americans’ information vulnerable to hackers. Read more on TownHall.com.
Trustwave: Detection of intrusions can sometimes take two years
Dan Raywood has a piece in SC Magazine about how long it takes to detect breaches: Companies are still failing to detect data breaches and hacking incidents, with outsiders getting access and sitting on the corporate network for up to two years in some cases. According to the Trustwave 2013 global security report, organisations fail…