Comments on: Data breach incidents are increasing, study shows
An annual survey shows a stark increase in data breaches in 2008, worrisome news as CIOs are asked to make cuts in security spending.
Jon- Interesting to note that the difference in number of breaches between larger and smaller organizations is not that huge - does this imply that current security practices being implemented in larger organizations are not doing their job? As you said, an uphill battle indeed - the number of devices increasing, the networks multiplying and data getting even more distributed. I don't think the current approach of protecting mainly the data at rest on devices is working and the numbers seem to reflect that. I believe an information-centric approach of protecting the data itself is the more logical way to address these challenges.
Hmm. Agree with the prognosis, but am wondering about the cause. Given that IT has been foisted on our ex-hunter-gatherer cultures and still-evolving brains, is it any wonder that, when we are given in the space of only a few decades, an electronic playground as full of holes and as empty of agreed behaviours that we have today, that the level of data breaches should be so high? I wish I had the answers, but I know (sorry, vendor comments) that technology ain't going to solve the problem by itself. My current philosophy is, 'one-third technology, two-thirds best practice', which feels about right though would be difficult to prove scientifically.
Cheers, Jon
Freeform Dynamics
http://www.freeformdynamics.com
http://viewsfromthebridge.wordpress.com/
twitter: jonno
Continuump mentioned looking for solutions, here's what I've found works:
1) Check your firewall logs. Specifically, spend some time looking at outbound traffic flow during non-business hours (both permitted and blocked, *especially* TCP/80). Weed out known patch sites and investigate everything else.
2) Forget about the treadmill that is A/V signature updating and move towards application control, also sometimes referred to as application white listing. I work with sites that see zero malware infections despite the fact that they dumped their A/V solution over a year ago.
3) The target of choice for serious attackers is desktops, not the servers. With this in mind consider deploying HIPS software on every system. Focus on back end management capability rather than slick features. Something that runs as a kernel module works best.
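The off-hours outbound review from step 1 of the comment above, sketched as an added example that is not part of the original comment. The log format, the 10.x internal range, the Monday to Friday 08:00-18:00 business hours and the patch-site allowlist are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in an assumed, simplified log format (not a real vendor's).
SAMPLE_LOG = """\
2009-07-28T14:05:11 ALLOW TCP 10.0.0.23:49211 -> 198.51.100.7:80 host=news.example.test
2009-07-29T02:14:07 ALLOW TCP 10.0.0.23:49350 -> 203.0.113.50:80 host=unknown-host.example.test
2009-07-29T02:14:37 ALLOW TCP 10.0.0.23:49351 -> 203.0.113.50:80 host=unknown-host.example.test
2009-07-29T03:00:02 ALLOW TCP 10.0.0.41:50122 -> 192.0.2.10:80 host=patches.vendor.example
2009-07-29T03:30:45 BLOCK TCP 10.0.0.77:51200 -> 203.0.113.99:6667 host=-
2009-08-01T11:20:00 ALLOW TCP 10.0.0.23:49400 -> 203.0.113.50:80 host=unknown-host.example.test
not a log line
"""

KNOWN_PATCH_SITES = {"patches.vendor.example"}  # hypothetical allowlist
INTERNAL_PREFIX = "10."                         # assumed internal address space
BUSINESS_DAYS = range(0, 5)                     # Monday to Friday (assumption)
BUSINESS_HOURS = range(8, 18)                   # 08:00-17:59 local time (assumption)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|BLOCK) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) host=(?P<host>\S+)$"
)

def off_hours(ts):
    return not (ts.weekday() in BUSINESS_DAYS and ts.hour in BUSINESS_HOURS)

def review_queue(log_text):
    """Count off-hours outbound flows per destination, permitted and blocked, minus patch sites."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        ts = datetime.fromisoformat(m["ts"])
        outbound = m["src"].startswith(INTERNAL_PREFIX) and not m["dst"].startswith(INTERNAL_PREFIX)
        if outbound and off_hours(ts) and m["host"] not in KNOWN_PATCH_SITES:
            hits[(m["src"], m["dst"], int(m["dport"]), m["action"], m["host"])] += 1
    # TCP/80 first, since the comment singles it out; then by repeat count.
    return sorted(hits.items(), key=lambda kv: (kv[0][2] != 80, -kv[1]))

if __name__ == "__main__":
    for (src, dst, port, action, host), n in review_queue(SAMPLE_LOG):
        print(f"{n:3d}x {action:5s} {src} -> {dst}:{port} {host}")
```

Many firewall logs carry no hostname, in which case the allowlist would have to be keyed on destination address ranges instead.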
- by MChuvas July 31, 2009 6:05 AM PDT
- Many breaches are occurring due to data being lost by employees, third parties or while in transit. This is one of the areas needing to be controlled....
How do you control who accesses your data once it's left your physical control? How do you audit what has happened to your information?