InformationWeek recently published an article based on data from the Identity
Theft Resource Center (a non-profit organization that aims to understand and
prevent identity theft) that shows an increase of 47% in the number of reported
data breaches in 2008. The business sector reported the most breaches, followed
by the educational, government, health and financial sectors. It’s interesting
to note that in 2007, government institutions were at the top of the list,
reporting the highest number of break-ins, but have since moved to third place.
This may suggest government and military organizations are taking more
proactive steps in protecting their information.

When the Internet first came about, data security wasn’t considered a
concern; it was established to enable collaborative work over long distances.
However, with today’s Internet, it is no longer a valid assumption that everyone
has good intentions. Despite this, people still refuse to take any measures to
protect their data. The article states that only 2.8% of the breaches had
encryption in use, and only 8.5% had any sort of password protection. It’s no
wonder there were so many break-ins.

Organizations need to recognize that the Internet is a dangerous place. It is
no longer the friendly environment that it was when it was first established.
Institutions should actively take steps towards protecting their data. This
would include password protecting all accounts, and encrypting sensitive data.
Further, users of these systems should be educated about general security
practices, such as what constitutes a “good” password or why company laptops
shouldn’t be brought home. Until actions such as these are taken, data breaches
will continue to occur.

These sorts of incidents give rise to a number of privacy and safety concerns.
For instance, a data breach at an online retailer could leak customers’ credit
card information; a break-in at the DMV could reveal names, photos and
addresses; private medical information could be gleaned from hospital computers;
or military secrets could be stolen from an insecure server.

These organizations need to be encouraged to be more conscious of security
issues. Individuals who were harmed by data breaches should hold the institutions
accountable. For example, if it was a business that didn’t password protect
their customer database, customers should refuse to purchase products from them
until they revamp their security. Until they see repercussions for their lax
attitude towards security, institutions will have little incentive to change.