@Risk

Focused on supplier risk issues for business leaders

Verizon Report: Most Data Breaches Avoidable

September 01, 2010

Here’s a remarkable statistic: Among the more than 900 electronic records breaches that Verizon Business experts investigated last year, a whopping 96 percent could have been avoided if security basics had been followed.

That’s right. Nearly all of these breaches could have been avoided; only 4 percent of the breaches analyzed required difficult and expensive protective measures. In addition, most victimized organizations (87 percent) had evidence of a breach in their security logs, but overlooked these red flags due to a lack of staff, tools or processes.

The new 2010 Verizon Data Breach Investigations Report, which for the first time was prepared in collaboration with the US Secret Service, is filled with other fascinating results, too – all of which offer some important perspective about the vulnerability of business data and the most effective approaches for mitigating cybercrime threats. For instance, the report also reveals that: (more…)

Boards, C-level Execs Not Adequately Involved in Governance Over IT Risks

June 24, 2010

Corporate boards and senior executives are becoming increasingly disconnected from their organizations’ security and privacy decisions, according to new research from Carnegie Mellon University’s CyLab.

That’s more than a little disheartening to hear, considering that cyber attacks are increasingly common and increasingly effective. In fact, Symantec now estimates that attacks like these cost businesses an average of $2 million per year. They cause losses in productivity, efficiency, revenue, and customer trust.

CyLab’s new research, which follows up on a 2008 study, included a survey of 66 business execs at the board or senior executive level from Fortune 1000 companies. Based on the data collected, CyLab was able to uncover several disturbing trends. For example: (more…)

Are Your Copiers Putting Your Business at Risk?

May 19, 2010

Last month, CBS News released an investigative report that exposed data security risks associated with today’s high-end digital copiers.

To sum it up, here’s the problem that’s uncovered in the report: Because these copiers use flash memory or hard drives to store scanned information, any document that’s copied on them – tax records, pay stubs, etc. – is saved within the machine.

Of course, when a company decides to resell or recycle an old copier, it can overwrite the local memory drives. Or, it can remove the drive completely. But, is that what companies typically do? Is that what your company does?

Those are intriguing questions. They’re so intriguing, in fact, that the Federal Trade Commission has now become involved.

Congressman John Markey wrote to the FTC to voice his concerns about privacy risks associated with the use of digital copiers. Last week, the FTC responded. From the FTC letter:

The FTC is aware of reports regarding the privacy risks associated with the use of digital copiers. Like you, we also are concerned that personal information can be so easily retrieved from copiers, making it vulnerable to misuse by identity thieves. As you point out, businesses and government agencies should ensure that the information on the hard drives in digital copiers are wiped clean of personal information after the conclusion of use.

The FTC says it is reaching out to copier manufacturers, resellers and retail copy and office supply stores to ensure that they are aware of the risks and to ensure that they provide appropriate education on this subject to their clients. In addition, the FTC is reviewing its educational materials to see if there are ways it can supplement its guidance to both businesses and consumers on this issue.

Keeping data secure is an ongoing challenge for both individuals and businesses – and a constant headache for those trying to mitigate risks. You can learn more about how to deter, detect and defend against identity theft at the FTC website.

Newly Released Details of National Cybersecurity Initiative Reveal Focus on Global Supply Chains

March 04, 2010

Earlier this week, in keeping with the Obama administration’s renewed commitment to transparency, White House Cybersecurity Coordinator Howard Schmidt directed the release of a summary description of the largely classified Comprehensive National Cybersecurity Initiative.

(This initiative, officially known as the National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, was originally established by the Bush administration back in January 2008.)

The five-page declassified document outlines twelve major proposals designed to help secure the United States in cyberspace, and it’s significant that among this list of a dozen priorities there’s recognition of the growing risks associated with today’s complex global supply chains, particularly those in the commercial information and communications technology marketplace.

From the summary description: (more…)

75% of Businesses in Symantec Poll Report Cyber Attack in Past 12 Months

February 22, 2010

Having a hard time waking up this Monday morning? Here are a few alarming statistics that I think may provide just the jolt you need:

Last month, Symantec Corp. surveyed 2,100 enterprise CIOs, CISOs and IT managers from 27 countries and found that a whopping three-fourths of them had experienced cyber attacks in the past 12 months. More than one-third (36 percent) rated the attacks somewhat/highly effective, and worse still, more than one-quarter (29 percent) reported attacks have increased over the past year.

These attacks cost enterprise businesses an average of $2 million per year, and when you put all of this information together, it’s no surprise that the 2010 State of Enterprise Security study also found that 42 percent of the survey respondents rate security as their top issue. (See graphic above.)

In addition, Symantec discovered that: (more…)