David Richardson reports: A new survey published today by DataSolutions, Ireland’s leading value-add IT distributor, found that 14,000 Irish businesses have had their data compromised. Over 200 Irish IT executives were quizzed, and the survey examined their main security concerns. It was split into two parts, intrusion prevention from external threats and data loss caused…
Category: Commentaries and Analyses
Why Data Security Regulation is Bad
Danny Lieberman comments: The first government knee-jerk reaction in the face of a data breach is to create more government privacy compliance regulation. This is analogous to shooting yourself in the foot while you hold the loaded weapon in one hand and apply band-aids with the other. Democracies like Israel, the US and the UK…
Senate in search of consensus on data breach notification law may try a backdoor approach
Tony Romm writes: Congress failed to pass a new federal law last year requiring the litany of companies affected by data breaches — from gaming giant Sony to shoe e-tailer Zappos — to notify consumers. But now some lawmakers believe they have a new route for passage: the Senate’s upcoming cybersecurity reform bill. Read more…
Data breach notification proposal placed on Senate calendar
Senator Feinstein’s proposed data breach notification law, Data Breach Notification Act of 2011 (S. 1408) has been placed on the Senate Legislative Calendar under General Orders. Calendar No. 310. The bill, which I have criticized in both its past and current incarnations is an incredibly weak bill that would provide little information to affected consumers, uses vague…
Data breach? Blame your third party’s remote access systems
Ellen Messmer reports: An in-depth study of data-breach problems last year where hackers infiltrated 312 businesses to grab gobs of mainly customer payment-card information found the primary way they got in was through third-party vendor remote-access applications or VPN for systems maintenance. “The majority of our analysis of data-breach investigations — 76% — revealed that the third-party responsible for…
More breaches caused by staff than hackers
From InfoSecurity: The 2012 data protection survey undertaken by the Irish Computer Society (ICS) shows that a higher number of data breaches are the result of internal failures and lack of awareness than are the result of external theft. The survey involved more than 300 Irish IT administration and management staff and was undertaken in…