{"id":345,"date":"2009-01-08T19:02:17","date_gmt":"2009-01-09T03:02:17","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=345"},"modified":"2009-01-08T19:02:17","modified_gmt":"2009-01-09T03:02:17","slug":"data-breaches-booming","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/08\/data-breaches-booming\/","title":{"rendered":"Data Breaches Booming"},"content":{"rendered":"<p>InformationWeek recently published an <a title=\"article\" href=\"http:\/\/www.informationweek.com\/news\/security\/attacks\/showArticle.jhtml?articleID=212700890\">article<\/a> based on data from the Identity<br \/>\nTheft Resource Center (a non-profit organization which aims to understand and<br \/>\nprevent identity theft), that shows an increase of 47% in the number of reported<br \/>\ndata breaches in 2008. The business sector reported the most breaches, followed<br \/>\nby the educational, government, health and financial sectors. It&#8217;s interesting<br \/>\nto note that in 2007, government institutions were at the top of the list,<br \/>\nreporting the highest number of break-ins, but have since moved to third place.<br \/>\nThis may suggest government and military organizations are taking more<br \/>\nproactive steps in protecting their information.<\/p>\n<p>When the Internet first came about, data security wasn&#8217;t considered a<br \/>\nconcern; it was established to enable collaborative work over long distances.<br \/>\nHowever, with today&#8217;s Internet, it is no longer a valid assumption that everyone<br \/>\nhas good intentions. Despite this, people still refuse to take any measures to<br \/>\nprotect their data. The article states that only 2.8% of the breaches had<br \/>\nencryption in use, and only 8.5% had any sort of password protection. It&#8217;s no<br \/>\nwonder there were so many break-ins.<\/p>\n<p>Organizations need to recognize that the Internet is a dangerous place. It is<br \/>\nno longer the friendly environment that it was when it was first established.<br \/>\nInstitutions should actively take steps towards protecting their data. This<br \/>\nwould include password protecting all accounts, and encrypting sensitive data.<br \/>\nFurther, users of these systems should be educated about general security<br \/>\npractices, such as what constitutes a &#8220;good&#8221; password or why company laptops<br \/>\nshouldn&#8217;t be brought home. Until actions such as these are taken, data breaches<br \/>\nwill continue to occur.<\/p>\n<p>These sorts of incidents give rise to a number of privacy and safety concerns.<br \/>\nFor instance, a data breach at on online retailer could leak customer&#8217;s credit<br \/>\ncard information; a break-in at the DMV could reveal names, photos and<br \/>\naddresses; private medical information can be gleaned from hospital computers;<br \/>\nor military secrets stolen from an insecure server.<\/p>\n<p>These organizations need to be encouraged to be more conscious of security<br \/>\nissues. Individuals who were harmed by data-breaches should hold the institutions<br \/>\naccountable. For example, if it was a business that didn&#8217;t password protect<br \/>\ntheir customer database, customers should refuse to purchase products from them<br \/>\nuntil they revamp their security. Until they see repercussions for their lax<br \/>\nattitude towards security, institutions will have little incentive to change.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>InformationWeek recently published an article based on data from the Identity Theft Resource Center (a non-profit organization which aims to understand and prevent identity theft), that shows an increase of 47% in the number of reported data breaches in 2008. &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/08\/data-breaches-booming\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":78,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","hentry","category-current-events"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/78"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=345"}],"version-history":[{"count":5,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":350,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/345\/revisions\/350"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}