Unlocking encryption myths
There’s no debate over the fact that data breaches are sharply on the rise. In mid-March the chief enterprise risk officer for Visa, Ellen Richey, said that common sense dictates that a challenging economy will produce increased data theft activity – sales of stolen data remains an exceptionally vibrant business despite the downturn. Richey added that: ‘security and law enforcement experts have confirmed that cyber attacks on consumers and businesses have intensified in recent months.’
According to the Identity Theft Resource Centre’s 2008 breach report, which only tracks incidents involving personally identifiable data, there were 656 reported breaches at the end of 2008, an increase of 47 per cent over the 2007 total of 446. And we’re off to a rather distressing start in 2009, with 125 breaches reported in the first three months of the year, affecting 1,553,069 records, according to the Open Security Foundation (www.datalossdb.org).
What is more depressing is that the Identity Theft Resource Centre reports that only 2.4 per cent of the companies involved in reported breaches utilized encryption. The vast majority of the exposed data was open to attack, a sad fact that no doubt delighted data thieves and enabled them to profit from the purloined data.
Criminals are so pleased by the discovery of unencrypted data that they are now deliberately targeting small and midsize business, according to information presented at the Visa Security Summit 2009, under the assumption that big business will have already done the right thing and have encrypted data throughout its lifecycle.
you can find more On The British Computer Society’s website