Data Breaches during 2012 demonstrate the need for better information stewardship

Jan 24, 2013 by Mike Small

Was 2012 a big year for IT security breaches?

Whilst I don’t have quantitative information on exactly how many data breaches there were during 2012, there were many prosecutions, enforcement notices and monetary penalties issued by the ICO (UK Information Commissioner's Office) during this period. These included a record monetary penalty of £325,000 for a hospital in the UK where discs containing patient data were sold on the internet, a penalty of £150,000 for Greater Manchester Police where an officer lost a memory stick with unencrypted information relating to more than 1000 people linked to serious crimes, and a penalty of £120,000 issued to a council where sensitive information about a child protection legal case was emailed to the wrong person. There have also been a number of cases of hacktivism and a worrying trend towards "ransomware", an example being where extortionists encrypted patient data belonging to an Australian hospital and demanded $5000 to restore access.

Does this mean that the IT security industry is losing the battle against the hackers?

In terms of IT security technology there is a continuing arms race. As new kinds of security are developed, the criminals find alternative tools, tactics and procedures to overcome them. This challenge needs to be considered against a wider scope than one of technology. As long as criminals can make money at what they consider to be an acceptable level of risk, they will continue. The challenges include the lack of consistent laws and enforcement across the globe and the ability of criminals to process and bank their ill-gotten gains. As an example of this, Sophos was able to trace the gang behind the “Koobface” malware but there was no chance of being able to prosecute them in the UK.

What are the biggest IT security threats facing companies in 2013?

The single biggest threat is getting the owners and holders of information to recognize its value and their responsibilities. What is needed is a much greater degree of “information stewardship” to take appropriate care of information, to treat it like money. The examples from the ICO show that there are still too many organizations that fail to take adequate care of the information they hold. In addition, cyber criminals often seem to be better at recognising the value of information than its owners. The cyber criminals are evolving their tools, techniques and processes to focus their attacks on the highest value targets. So organizations need to guard against and prepare for these kinds of events. This means a change of culture as well as applying the best technology.

The KuppingerCole advisory note "From Data Leakage Prevention (DLP) to Information Stewardship – 70587" provides more details on this subject. This subject will also be covered at the European Identity & Cloud Conference held in Munich during May 2013.


Author info

Mike Small
Senior Analyst