What are examples of information that has recently been the target of theft?
Intellectual property, personally identifiable information (birth dates, social security numbers, addresses, etc.), trade secrets, employee and customer data, and payment card data. A key message to consider is that this data is being targeted by organized, motivated, and sophisticated groups that are well compensated for their success. High profits and sophisticated techniques are making data and identity theft more lucrative, easier to conduct, and more difficult to police. Weak international laws make it difficult to prosecute thieves.
How does data and identity theft affect my organization?
Data losses can be devastating. Besides potential fines and lawsuits, breaches can have a long-term impact on a company’s brand and reputation. Other impacts include product counterfeiting, fraud, and loss of revenue, each with a lasting negative effect on brand value and corporate reputation. Strong safeguards on sensitive information can help protect a company’s reputation, competitiveness, and financial well-being.
If I am in compliance with such regulations as HIPAA, SOX, GLBA, or other industry standards such as payment card industry (PCI), am I protected?
An unpleasant fact is that most company information-protection measures are compliance-focused and inadequate against today’s sophisticated threats. Simply stated, compliance is merely the minimum level of information protection needed. Our experience in conducting security assessments for clients has shown that, across industries, even those who follow compliance standards or have information-protection policies in place are still at risk of data and identity theft.
Our data is confined within the data centers of our company. We have implemented firewalls and perimeter security measures to protect it - do I need to be concerned?
Data is portable, and can be easily transferred and replicated. Though data centers and servers can provide a higher level of information protection, the preponderance of mobile devices, such as laptops, PDAs, and plug-in drives, are less secure and increase the risk of theft. Once data is distributed, all devices that access the data are potential breach points.
Why is this such a high priority issue today? We already have an IT security organization.
Whether to lower costs or to gain access to a global pool of specialists, companies are increasingly adopting more complex, highly collaborative business models that are predicated on sharing this sensitive information. However, most company protective measures have not kept pace with the rate of change in business. This information is more portable than ever; however, protection measures and compliance efforts are still focused on IT systems and applications. In most cases, these protections have been marginalized or rendered ineffective by the shift in business model.