Fast Company and Inc. are among the financial publications that have cautioned business readers about data compromise: It’s only a matter of when and how the breach will occur. Unfortunately for publisher Mansueto Ventures, the when occurred sometime in early 2016.
Employees’ personally identifiable information — Social Security numbers and more — was stolen and used for filing false state-local tax returns. Workers were left to sort out the mess, according to Keith J. Kelly of the New York Post, who reported the breach at the publisher in the first week of March. “The fact that all that data was unencrypted is pathetic — and ironic as hell,” one staffer reportedly told Kelly.
Indeed, billionaire Joe Mansueto, as Kelly noted, is the founder and CEO of investment research and management firm Morningstar.
As of March 1, the Identity Theft Resource Center has identified 100 breaches in 2016 with 1,789,393 records exposed. The numbers are in line with 2015. Business accounted for the highest number of breaches, at 43, but only 6% of record exposure, with 109,883. Healthcare had 40 breaches, with 71% of the data compromised, 1,269,890 records in all. Banking/Credit/Financial represented only four breaches, with 0.2% of the records exposed, or 4,382. Other categories included Educational, with 15 identified breaches, and Government/Military with eight.
The status quo points to ongoing issues with security tools and their implementation. Data loss protection (DLP) is aimed at stopping data compromise, yet implementation is spotty at best. Many systems are purchased for compliance reasons and get underused. Visibility into the protection of personally identifiable information may get worse as more companies move to the cloud.
Employees have embraced the cloud for storage, information sharing and BYOD services, often without the blessing of IT. How can IT security teams implement cloud DLP policies across environments while preserving the productive use of applications? We look at cloud DLP technologies and best practices that have proved effective for enterprise security programs. Not surprisingly, cloud access security brokers (CASBs) have become a major part of the conversation, reports Jaikumar Vijayan in this month’s cover story.
Many organizations are still in search of effective protection techniques against network and endpoint threats that result in data compromise or theft. We polled 700 IT and security professionals at medium-to-large enterprises that have active endpoint security projects or technology purchases in the next 12 months. Many tools once aimed at workstations and servers now offer policy integration and data protection for tablets and smartphones. In this month’s Readers’ Top Picks, we share the survey respondents’ shortlist of endpoint protection suites.
Finally, the White House announced the Cybersecurity National Action Plan in February 2016 to address what the president sees as weakness in cybersecurity preparedness across the country, including problems within the federal government and its skill sets. “The details that are in the language of the plan, which is not a law, nor is the money approved by Congress, are really just getting the basics taken care of, and at what a cost!” says Adam Rice, who looks at the cybersecurity spending plan and new Federal CISO position that was announced along with it. As he points out, the implementation of the plan will depend on the next president. (Uh-oh …)