Researcher: 'If I Were a Financial Institution, I'd be Nervous'
Reported data breaches increased by nearly half in 2008, and 12 percent of the total hacks were at financial institutions - up from 7 percent in 2007.
This is the news from the Identity Theft Resource Center's (ITRC) 2008 breach report, which shows that 2008's 656 reported breaches were up 47 percent over 2007's total of 446. Seventy-eight of the breaches were at financial services companies. And the ITRC says breaches will continue expanding until more companies start taking data protection seriously.
The two most prevalent methods used to remove data from financial services companies are external hacking and insiders, according to Jay Foley, Executive Director at ITRC. "The most recent CSI report shows that 70 percent of hacking has been from the inside, meaning a trusted insider did it," Foley says. "If I were a financial institution, I'd be nervous."
Other data-loss methods tracked include data on the move, accidental exposure and subcontractors.
The ITRC monitors reports from five groups: business, education, government/military, health/medical and financial/credit. Over the three years the ITRC has compiled this report, the financial, banking and credit industries have remained the most proactive groups in terms of data protection.
Report Card for Banking Institutions
But despite having the best record among the five groups, financial institutions still suffer a great deal of loss. Missing laptops and backup tapes stand out as some of the more glaring areas for data loss. Across all reported breaches, only 2.4 percent had encryption or other strong protection methods in use, and only 8.5 percent had minimal password protection.
"That leaves the rest that were unprotected," Foley notes. "Encryption is an extremely positive tool." If one bank encrypts its information, and the bank next door doesn't, he asks, "Where do you think the hacker will go to get data?" An additional point Foley makes is that most backup tapes or cartridges must be read on equipment that is expensive and not easily obtainable by the average hacker. "If I was a bank and one of my non-encrypted backup tapes went missing, I wouldn't worry too much. An unencrypted laptop goes missing, that's a whole different matter," he says.
----------------------------------------------
Source: bankinfosecurity.com
By: Linda McGlasson
Thursday, January 08, 2009