Michael R. Farnum

Hitting the Security Nerve

The no. 1 security issue of 2006

Someone asked me the other day what I thought the number one security story was for 2006. I really couldn't narrow it down, so I proposed that there was no single security story that stood out much more than any other story. However, there was a security issue that seemed to take center stage more than any other. And that issue is the huge number of identities that have been compromised over the last year.
 

It seems like every other day gives us a new incident of either a hacker breaking into a database at some university via a poorly secured web application or some company employee losing a laptop that held thousands of employee records. 
 

Probably the most publicized of these incidents was the loss of the VA laptop that held over 26 million veteran records. This caused a firestorm of blogging and typical news stories in the security industry as well as outside the security world. Even though the laptop was recovered and appeared to be just a theft of hardware, it highlighted poor policies and procedures at the VA and led to a few head-rollings.

Is 2007 going to see this trend continued? I say yes for at least a couple of reasons: 

  1. Many of the companies that got hit were getting hit for months and sometimes over a year without knowing it. It is quite feasible that much of that is still going on right now and won't be discovered until well into 2007.
  2. There has been very little progress in really trying to stop this kind of problem. Yes, the security industry is responding with all kinds of devices and software to fill the gaps. And yes, some companies are shoring up their security by purchasing some of these products (laptop encryption, information leakage products, etc.) and by creating more robust security programs. However, it comes down to whether or not companies view the problem as enough of a risk to spend the capital.  And many companies are still making the wrong decision.

No, this is not a problem that is going away easily or quickly.  Be prepared for more data-breach stories in 2007 and into 2008.