Data breaches remain a huge concern for '08

But Dean Turner, Director of Symantec's Global Intelligence Network, has some advice

Dean Turner, Director of Symantec's Global Intelligence Network says data breaches and ID theft will continue dominate the threat landscape next year. He also outlines practical steps companies and consumers can take to protect themselves, in this interview with ITBusiness.ca editor, Joaquim P. Menezes.

In its recent threat trends report, Symantec listed high-profile data breaches as one of the Top 10 Internet Security trends of 2007. Do you foresee these being major threats in 2008 as well?

Certainly -- because what we're talking about here is stolen identities and data extrapolated for identity exposure, which is then sold and used to commit fraud.

As the threat landscape is pretty much dominated by the money [motive] -- these will definitely continue to be huge concerns moving forward.

Is there a strong causal link between the two? Would you say data breaches are one of the biggest factors leading to ID theft?

Absolutely. Without a doubt data theft is one of the -- if not the -- leading cause of exposed identities. And identity theft is a very major concern. But one thing to keep in mind is that this is a global problem. ID breaches that occur in Canada or any country around the world may not be caused by Canadian attackers. They could be coming from someone in Timbuktu. That's the nature of the Internet -- it's global, it's de-centralized, and criminals have taken advantage of that. So we need to be cautious -- as it's not just in our own backyard that these threats emerge.

Data can be breached in a variety of ways -- physically and virtually. In your experience, what are the commonest types of data threats?

When we take a look at data breaches as a whole, the primary cause of that is data theft or loss. And that could be something as simple as somebody leaving a laptop somewhere, or it could be an internal employee walking out with company information on a USB thumb drive or something like that. The next cause, of course, is insecure policy. Some issues enterprises and governments are starting to grapple with as their organizations get bigger are: "What types of security policy should we have in place? Should this be homogenous between all departments? Does it need to be tweaked based upon the sensitivity and security levels of all those departments?" and so on.

But we've found with one subset of data breaches -- those that eventually led to exposed identities -- the majority (around 74 per cent) were due to hacking. So the stuff that's actually making it out, and being sold online, a lot of that is being done through hacking and external infiltration of databases.

There are so many methods to get at that type of information, and one of the most popular, of course, is through malicious code -- things like Trojans and bots. A lot of those attacks are designed to take place in stages. The first attack usually opens up a back door, and then [subsequent attacks] leak the data out of the systems to another place on the Internet.

What steps can enterprises -- especially those that are custodians of confidential information -- take to protect themselves and their customers from data breaches leading to ID theft?

There are a host of things organizations should be doing. First and foremost is performing a risk assessment. They need to classify their information -- to identify the critical places where their information resides, and how that is connected, not just internally -- but if any of that is being exposed externally.

They have to make sure that appropriate solutions are in place -- firewalls, intrusion detection systems, anti-virus software -- and often forgotten is things like backup.

They should also ensure that in the event of some kind of catastrophic occurrence, or a theft, or destruction of data -- that you've got a way to get that data back into the system.

The policy end of that is identifying a process that your organization goes through; identify what's critical and what's not -- and what we do in the event of a data breach. So if we have super-sensitive information -- such as a credit card database of our customers -- we have to be very careful to ensure that that data is in a location where it's very tightly controlled, with restrictions as to who has access to it and who doesn't.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joaquim P. Menezes

ITBusiness.ca
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?