Security Data Breaches

There have been two recent security breach incidents at Sony. On around April 18, data thieves broke into the PlayStation Network (PSN) and Qriocity’s media streaming service databases and took personal information on 77 million account holders, including, possibly, credit card information on about 10 million subscribers. Then, hours after shutting down access to its Sony Online Entertainment service because of the breach, the company said another security incursion exposed information on an additional 24.6 million accounts.

Is this just a one-off event? How common is this type of breach?

Prior to the Sony incident, Verizon did a report on data breaches. The report found an increase in the number of data breaches reported, but a decline in the amount of data stolen. Just over 760 data breaches were reported in 2010, compared to 900 total in the six previous years. But only 4 million records were compromised – a lot less than the 144 million compromised in 2009.

A few other results:

• 92 percent of incidents stemmed from external agents and 17 percent implicated insiders.
• 83 percent of victims were targets of opportunities.

So what should a business do to avoid problems like this?

• Have a security policy and test it out often.
• Eliminate unnecessary data and make sure you know where are the data is.
• Make sure you have network security as well as application and database security in place.
• Know who has access to the data and why.
• Keep and monitor event logs.
• Make sure you have security in place around payment devises, especially those in retail stores or other remote locations.

So, security incidents are still a critical item and can damage your business. Each business should have a security policy in place.

Rose Klimovich is a consultant and writer on technology. Formerly she was VP Product Management and Product Marketing for the colocation and interconnection products for Telx, where she led the efforts in creating the Telx strategy and developing and investing in new products and services in areas like colocation, cloud, Ethernet Exchange and Telepresence video.