In one of our features this month, "2006: Year of exposed IDs," we discuss the various breaches that have plagued businesses of all sizes over the last year. As our edition went to press, still other incidents cropped up.
The likes of the Transportation Security Authority, AT&T, Circuit City, the University of Minnesota and a host of others listed on PrivacyRights.org now have joined a long list of entities that have exposed the personally identifiable details of customers, students, their employees or other groups. The listing shows — as of press time — a grand total of 93,679,867 personal records exposed. Yikes! What a scary, scary number, huh?
On the flipside, TheInfoPro, a New York City-based independent research group, offered up some statistics that could indicate companies which have been concerned with such IT security risks as exposed data, access to information, understanding and management of malicious events, are making more strident moves to get on top of them. In its Wave 7 Time Series report based on its Information Security Study, the research organization uncovered some interesting moves on certain IT security deployments.
The research is based on interviews with IT security pros conducted over two years in six-month intervals or ‘waves.' The most recent Q3 2006 release involved some 275 in-depth interviews. Among these decision-makers, there are planned adoptions for network access control, security information event management (SIEM) and wireless LAN security.
Given all that's happening in our industry, these findings aren't surprising. Company executives are under a ton of pressure to
get security right. They've got compliance mandates that, if they fail to meet, could end in fines or jail-time. Then there's the need to get a handle on event data, in addition to ensuring that exposures and risks are kept to a minimum. And let's not forget the bad publicity and financial woes associated with all those ID exposures.
Yes, hearing about these instances of potential data loss is worrisome and tiring. But, some alert companies are making moves to get it right, as indicated by InfoPro's sampling of IT security pros. Let's just hope they get a move on for our sakes.
As you'll see in the later pages, our own Technology Editor Jon Tullett has decided to make some moves of his own. In our next issue, I'll be introducing you to his U.S.-based replacement, who will help keep SC Magazine as the top industry resource for you.
Illena Armstrong is editor-in-chief.