CSO - Do you think data breaches are up or down in 2011 compared to 2007 or 2008? The official answer may surprise you. According to DatalossDB and the 2011 Data Breach Investigations Report [PDF link] by Verizon, the number of records compromised per year has been decreasing since its 2008 peak. But these reports are missing something very important. It all comes down to what is reported. Last year I met with more than 450 CIOs and CSOs, and almost all of them said that incidents are way up. New breaches are constantly making headlines, so why is there a discrepancy between our perception and what these reports are finding?
Many industry reports focus on the never-ending stream of leaked or stolen personally identifiable information (PII). Most laws and industry standards, such as PCI DSS, also concentrate on PII. But there is something that could be more dangerous to lose than PII and that isn't getting enough attention in data breach reports--intellectual property (IP).
As records show, stealing PII (credit cards, social security numbers, and so on) used to be big business for cybercriminals. Then it started to get a bit harder for hackers to get PII because overall awareness increased as more regulations were passed and organizations started to invest in information security solutions. Verizon's Data Breach Investigations Report states, "Our leading hypothesis is that the successful identification, prosecution, and incarceration of the perpetrators of many of the largest breaches in recent history is having a positive effect." Researchers also suggested that there are fewer hackers and the threat they pose is losing prominence. I believe protection enforcement is a factor in the reduction of PII theft, but I don't believe there are fewer bad guys out there. In fact, quite the opposite: The threat has never been greater than it is now.
The next big thing is stealing IP, which includes product designs, secret formulas, and other trade knowledge. It's what organized cybercrime, state governments and hackers are all going after. Why? Mostly because of the value of the data. One stolen manufacturing process can be worth millions in saved development costs or billions in market share.
Not protecting IP is a huge mistake for companies and countries alike. Intellectual property is what makes modern nations competitive in the world economy. It fuels innovation and development, and it keeps you ahead of the competition.
What do CSOs think? More than 70 percent of the CIOs and CSOs I spoke with last year said their IP is under attack. Yet only 30 percent of them have data-loss prevention (DLP) tools in place. And most of them do not have software to protect their data in the cloud or on mobile devices, which are the two big new blind spots that they need to worry about.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
