Data Security Syndicate This

Topic Description

Data Loss Prevention: Historical and Current Perspectives

By Jeff Debrosse, Research Director, ESET , 03/09/2009

Print this article Email this article Talk Back! Write to Editor

Untitled Document

Data loss prevention. It's come to be one of the terms that we have become unusually familiar with. Data loss prevention isn't about the outright cessation of the loss of personal records; it's about reducing the risk to an acceptable level. There isn't a quadrant in health, finance, construction or any other sector that doesn't have some measure of risk. When the frequency and cost of data breaches outweigh other security concerns, it is time to reassess the risks.



If we take a look at 2008 we can clearly see that it was a year of unprecedented events. From a security perspective let's look at data breaches. The amount of records containing sensitive personal information that were involved in data breaches (in the U.S.) in the last three years also falls under the "unprecedented" category -- approximately 250 million records. Last year alone 38 million records accounted for part of that number. In 2007 there were over 127 million records involved in data breaches.

A point to keep in mind is that the number of records involved in data breaches are either under-reported or, in some cases, not reported at all. A trend that I've seen is that corporations are facing greater financial risk from insufficient controls and unclear policies. Problems also arise when controls are put in place before the policies are written or completed -- the controls are designed to be put in place to enforce policies.

With respect to data loss, increasing penalties as well as increased transparency, or at least opaqueness (limited transparency), are two paths that have been cited time and again in regard to increasing corporate responsibility.

Another topic to consider is preventing breaches. Even in corporations that have well-written policies and effective controls, the percentage of data breaches that occur due to human error is still above 80 percent.

I'd like to take some time to dissect a data breach that occurred in 2008 which involved the exposure/release of 4.2 million records. As in the aviation world, when there is an accident it is referred to as a "chain of events" or the "error chain." These terms simply mean that multiple factors, rather than a single one, lead to an accident. The same can be said for security incidents or such as data leakage. Take, for instance, the case of the Maine-based Hannaford Brothers grocery stores. Let's look at this chain of events:

  1. The supermarket chain reported to Massachusetts Regulators that the scope of the malware infections appears to be larger than anything that is remotely possible. It is Hannaford's belief that a "trusted" source had physical access to the servers.
  2. A trusted source with administrative remote or physical access to one or more servers installed malicious software (malware) onto those servers.
  3. The malware intercepts customer card data and transmits that data outside of the network to remote servers.
  4. WebSphere MQ, which is a popular network messaging carrier for ATM and credit card transactions, does not encrypt this data by default. Since the traffic is sent in clear text, it is easy to "sniff" and capture or transmit this information.

-1-

1  2  

   Next Page

Our Popular Webinars

Best Practices in Moving Processes to the Clouds

How Can the Cloud Fit Into Your Applications Strategy?

Cloud Data Integration Best Practices

The Economics of Cloud Computing

Data Services Insight: Successful implementation of Canonical Information Models

More Webinars

More Top Stories

Five Imperatives for Extreme Data Protection in Virtualized Environments Gold Club Protected

Concepts and Considerations in Highly Available Data Storage Design Gold Club Protected

Trusting the Cloud with your Primary Data Gold Club Protected

Increasing Annuity Sales Through the Implementation of Industry Standards Gold Club Protected

How ACORD Can Be Used As A Best Practice For Data Integration Gold Club Protected

Identity Networking: Where Security and Compliance Meet Gold Club Protected

More Top StoriesTopic Archive

Related News

myFreightWorld Technologies Launches Cloud Computing Freight Load Management Services

Innovative Analysis and Intelligence Solution Drives Smarter Operations and Faster Time to Value

Making SOA Work Teams with Innovation Group to Advance SOA in Insurance

More News

Explore Our Topics

  • EDITOR'S BRIEFING
ebizQ editorial highlights and updates, compiled by Site Editor Anne Stuart
  • Today's trends: BPM suites are more popular than ever, according to recent BPTrends research. ebizQ Site Editor Anne Stuart shares highlights from the report.
  • Agility e-zine: Don't miss the second issue of ebizQ's new Business Agility Insights e-zine for updates on two key BPM standards and expert advice on decision management.
  • Burning question: How useful is BPM for addressing compliance issues? Join the discussion on the ebizQ Forum.
  • ebizQ editorial: Browse our collection of independent editorial content, including articles, tips, Q & As, podcasts, guest columns, book excerpts and more.
  • Want to contribute to ebizQ? Read our editorial guidelines,then contact Site Editor Anne Stuart (astuart@techtarget.com).
  • Virtual Conferences
  • Webinars
  • Roundtables

BPM in Action

March 10, 2011

The sixth annual BPM in Action 2011 Virtual Conference will explore cutting-edge market developments in BPM and describe how to leverage them for improved business operation and performance. More

View All Virtual Conferences

Dynamic BPM: From Reactive to Proactive

BPM 101: What Is Business Performance Management and What Are the Benefits?

SAP Portal Content Management Video/Self Running Demo

View All Webinars

Best Practices in Moving Processes to the Clouds

Date:Apr 07, 2010
Time:13:00 PM ET- (17:00 GMT)

REGISTER TODAY!

How Can the Cloud Fit Into Your Applications Strategy?

Date:Apr 07, 2010
Time:12:00 PM ET- (16:00 GMT)

REGISTER TODAY!
View All Roundtables
  • Research Library
  • Podcasts
  • News

Joe McKendrick: Part II of II: Designing Evolve-ability into SOA and IT Systems

In part two of Joe McKendrick's recent podcast with Miko Matsumura, chief strategist for Software AG, they talk about how SOA and IT systems need to change and grow and adapt with the organization around it.

Listen Now

Phil Wainewright: Helping Brands Engage with Social Media

Phil Wainewright interviews David Vap, VP of products at RightNow Technologies, and finds out how sharing best practices can help businesses understand how best to engage with online communities.

Listen Now

Peter Schooff: Making Every IT Dollar Result in a Desired Business Outcome: Scott Hebner of IBM Rati

Scott Hebner, Vice President of Marketing and Strategy for IBM Rational, discusses a topic on the top of every company's mind today: getting the most from IT investments.

Listen Now

Jessica Ann Mola: Where Will BI Fit In? Lyndsay Wise Explains

In BI, this tough economy and the increasing role of Web 2.0 and MDM are certainly topics on people's minds today. WiseAnalytics' Lyndsay Wise addresses each of them in this informative podcast.

Listen Now

Dennis Byron: Talking with...Deepak Singh of BPM Provider Adeptia

Deepak Singh, President and CTO of Adeptia, joins ebizQ's Dennis Byron in a podcast that gets its hand around the trend of industry-specific BPM.

Listen Now
More Podcasts

Read More »

  • Most Popular
  • Quick Guide
  • Most Discussed

Nine Great Unsolved Mysteries of SOA:


Distinguishing Cloud Computing from Utility Computing


Business Activity Monitoring and Business Intelligence


The Coming Cloud Computing Standards: Talking Cloud with Tarak Modi


Top 10 Reasons to Use, And Not to Use Cloud Computing


Defending Larry Ellison


Quick Guide: What is BPM?

Learn More

Quick Guide: What is Event Processing?

Smart event processing can help your company run smarter and faster. This comprehensive guide helps you research the basics of complex event processing (CEP) and learn how to get started on the right foot with your CEP project using EDA, RFID, SOA, SCADA and other relevant technologies. Learn More

Quick Guide: What is Enterprise 2.0?

A lot of people are talking about Enterprise 2.0 as being the business application of Web 2.0 technology. However, there's still some debate on exactly what this technology entails, how it applies to today's business models, and which components bring true value. Some use the term Enterprise 2.0 exclusively to describe the use of social networking technologies in the enterprise, while others use it to describe a web economy platform, or the technological framework behind such a platform. Still others say that Enterprise 2.0 is all of these things. Learn More

What Does Cloud Computing Actually Cost? An Analysis of the Top Vendors


What is the Difference Between Case Management and BPM?


Is There Place in BPM for Data Standard? If So, What Would it Be?


Will Embedded BI Put an End to Data Warehousing?


E-Zine: BPM Quarterly

This new publication from our sister site SearchSOA.com explores workflow, business activity monitoring (BAM) and complex event processing (CEP) issues.

Featured Bloggers

Peter Schooff's Latest Blog Posts:

Read Peter Schooff's Blog
Michael Poulin's Latest Blog Posts:

Read Michael Poulin's Blog
Scott Cleveland's Latest Blog Posts:

Read Scott Cleveland's Blog
Janne J. Korhonen's Latest Blog Posts:

Read Janne J. Korhonen's Blog
Adrian Grigoriu's Latest Blog Posts:

Read Adrian Grigoriu's Blog
Steven Minsky's Latest Blog Posts:

Read Steven Minsky's Blog
Anne Stuart's Latest Blog Posts:

Read Anne Stuart's Blog

View All ebizQ Bloggers