
Data Breaches during 2012 demonstrate the need for better information stewardship

Jan 24, 2013 by Mike Small

Was 2012 a big year for IT security breaches?

I don’t have quantitative information on exactly how many data breaches there were during 2012. However, during this period, there were many prosecutions, enforcement notices and monetary penalties issued by the ICO (UK Information Commissioner's Office). These included a record monetary penalty of £325,000 for a hospital in the UK where discs containing patient data were sold on the internet, a penalty of £150,000 for Greater Manchester Police where an officer lost a memory stick with unencrypted information relating to more than 1000 people linked to serious crimes, and a penalty of £120,000 issued to a council where sensitive information about a child protection legal case was emailed to the wrong person. There have also been a number of cases of hacktivism and a worrying trend towards "ransom ware", an example being where extortionists encrypted patient data belonging to an Australian hospital and demanded $5000 to restore access.

Does this mean that the IT security industry is losing the battle against the hackers?

In terms of IT security technology there is a continuing arms race. As new kinds of security are developed, the criminals find alternative tools, tactics and procedures to overcome these. This challenge needs to be considered against a wider scope than one of technology. As long as criminals can make money at what they consider to be an acceptable level of risk, they will continue. The challenges include the lack of consistent laws and enforcement across the globe and the ability of criminals to process and bank their ill-gotten gains. As an example of this, Sophos was able to trace the gang behind the “Koobface” malware but there was no chance of being able to prosecute them in the UK.

What are the biggest IT security threats facing companies in 2013?

The single biggest threat is getting the owners and holders of information to recognize its value and their responsibilities. What is needed is a much greater degree of “information stewardship” to take appropriate care of information, to treat it like money. The examples from the ICO show that there are still too many organizations that fail to take adequate care of the information they hold. In addition, cyber criminals often seem to be better at recognising the value of information than its owners. The cyber criminals are evolving their tools, techniques and processes to focus their attacks on the highest value targets. So organizations need to guard against and prepare for these kinds of events. This means a change of culture as well as applying the best technology.

The KuppingerCole advisory note "From Data Leakage Prevention (DLP) to Information Stewardship – 70587" provides more details on this subject. This subject will also be covered at the European Identity & Cloud Conference held in Munich during May 2013.

Author info

Mike Small
Fellow Analyst