Monday, December 31, 2007

2007 Worst Year Ever For Breaches

According to this story today in the Associated Press, 2007 has been the worst year yet for data breaches. Interestingly, the breaches have increased despite more sophisticated firewall and encryption technology being used by companies and organizations.

That's interesting. Or is it?

The article cites the two main organizations that monitor data breaches, the Identity Theft Resource Center and Attrition, who say a good part of the problem isn't technology, it's people. People at organizations mishandling sensitive customer data, like Social Security Numbers, on computer systems -- rather than hackers breaking in. That includes lost laptops.

No real news here. This is what I've been saying all along. IT security is only partly about technology. It's also about people.

Though not mentioned in the AP article, there's also an excellent parade of data shame at the Privacy Rights Clearinghouse.


Post a Comment

<< Home