Data Breach Statistics Roundup
Published: Jul 23, 2014
FierceCIO recently summarized some statistics about data breaches that were quite disturbing. Among them are the following:
- Data breaches are up 21% so far in 2014 compared to the same time period last year (CIO.com)
- After hackers, the two biggest security concerns are lax security and stupidity (CIO.com)
- More than half of health care data breaches involved small businesses (CORL Technologies Survey, eWeek)
- 58% of health care vendors scored in the "D" grade range for their confidence in their security (CORL Technologies Survey, eWeek)
- Only 32% of vendors have security certifications (CORL Technologies Survey, eWeek)
- 31% of third party vendor contracts contain security provisions (PricewaterhouseCoopers cyber-crime survey, eWeek)
"Organizations continued to struggle with attacks that were targeted in nature, which could be directly aimed at the energy, financial, health care, and retail industries or critical infrastructure," according to J.D. Sherry, VP of Technology and Solutions at Trend Micro (Trend Micro's Q1 report, CIO Insight).
I've hand-picked these statistics for their relevancy to how companies handle their asset retirement. There are a number of disturbing trends that have a direct impact on your asset retirement security profile.
First, breaches continue to rise in general and assailants will typically exploit the weak link in a company's security. While online hacking and phishing scams have received the bulk of the attention, it's only a matter of time before attackers start targeting the data found on old or retired drives.
Second, despite substantial resources being dedicated to battling online attacks, companies are allowing "lax security" and "stupidity" to make them vulnerable in other areas. This is particularly true when it comes to data sanitization and asset retirement. From our experience, the majority of companies still allow old computers, servers and hard drives to sit in the "back room" for 3 years before batch processing them or sending them to a vendor for processing. Why allow this "lax security" when the data can be completely sanitized immediately upon retirement for minimal time and cost? This is simply a security hole that need not exist for any company.
Third, several of the statistics focused on the lax management of external vendors and the negative implications it has for security. This is particularly true in the realm of asset management, where the attitude of "someone else takes care of that" prevails. If you rely on a third party to sanitize your data, not only do you face the risk of data sitting around for years as mentioned earlier, but you also risk that your third party is handling your assets insecurely or improperly sanitizing your data. Once you ship your assets to a third party, do you know how long they sit before they're processed? Do you know who has access to your assets at the vendor's warehouse? Are your assets sanitized using certified tools? We're all in favor of having a third party sanitize your data as a backup measure, but the initial sanitization should occur quickly and internally.
Finally, it's no secret that certain industries such as financial services and healthcare are particular targets for data breaches. It was interesting to note that attackers are targeting smaller businesses as well as large enterprises. Small and medium-sized businesses have fewer resources to dedicate to security and less sophisticated data practices. At least data sanitization is so simple and affordable to implement that it can be one area small businesses don't have to worry about.