Blog

Posts Tagged ‘compromise’

Newer Entries »

Malware Leads to Breach of Student Data

Sunday, December 6th, 2009

Eastern Illinois University revealed on Friday that an admissions office server had been infected with malware which it believes enabled attackers to freely access the system. EIU can not determine whether or not files were accessed, but IT technicians fear that as many as 9,000 files containing personal information on current and former students, as well as applicants, may have been compromised.

These stories are so common that companies and individuals alike may become de-sensitized over time. However, the fact that these stories are so common doesn’t reduce the impact on the institutions and individuals affected, nor does it eliminate the obligation of entities entrusted with sensitive information to take the necessary steps to ensure it is protected at all times.

Details are sketchy at this point for this breach, but it seems that the server was lacking antimalware protection, or that the antimalware signatures were not up to date. Its also possible that the malware was new or unknown and simply slipped right past the antimalware defenses. That is why the data on the server should also be encrypted to guarantee that it cannot be compromised even if the server itself is breached.

Tags: , , , , ,
Posted in Security Breaches & Data Loss Incidents | 3 Comments »

Drastic Decline in Data Breaches is Deceiving

Thursday, November 26th, 2009

The Identity Theft Resource Center has great news! 2009 is on pace for a 50 percent drop in the number of reported data breaches. With breaches plummeting like that it would seem we should chalk one up in the win column for information security. Well, not so fast.

As it turns out, while the total number of incidents has dropped steeply, the total number of personal records that have been compromised is around 220 million–an increase of more than 600 percent from 2008.

So, good news: the number of incidents is down; bad news: significantly more social security numbers, credit card numbers, sensitive medical records, and other personal information have been compromised. Organizations need to have security controls in place to both restrict sensitive data from being leaked as well as protecting the data where it is stored on the servers to ensure that these types of breaches don’t continue.

Tags: , ,
Posted in Security Breaches & Data Loss Incidents | 1 Comment »

IMI-TechTalk- Enemy Within: The Insider Security Threat

Monday, November 23rd, 2009

This week, Tony Bradley, Zecurion ‘chief’ product evangelist, joined host Tom D’Auria on the IMI-TechTalk radio show to talk about the internal security threat posed by trusted employees. The show “Enemy Within: The Insider Security Threat” provides listeners with valuable insight into the present and growing internal threat to confidential and sensitive information.

Bradley discusses the issues faced by IT and security administrators and the need to strike a balance between protecting data and enabling productivity. He also stressed how important it is to leverage tools that proactively enforce policies and protect data without further burdening the IT staff.

The show originally aired on Sunday, November 22, 2009 at 5pm Eastern / 4pm Central on KFNX AM 1100 which airs in the Greater Phoenix area. Those outside of the Phoenix area can listen to the weekly show on the live Web simulcast.

Click here to download or play the MP3 recording of the show: Enemy Within: The Insider Security Threat.

Tags: , , , , ,
Posted in Data Storage Security | 4 Comments »

Newer Entries »