Friday, October 26, 2007


A major finding was the fact that the ID crooks “are increasingly targeting personal information to make a profit and are threatening to impact people's privacy.” This blog has been making that point over and over since launching back in April of 2005.

According to, the Microsoft report found one of the reasons for this condition is that organizations’ security and privacy officers don’t talk to each other. Duh. Why would they want to discuss a problem that could expose millions of their customers’ personal records? But apparently there is disagreement within some companies on how to manage private information for two simple reasons: one) security and privacy execs look at customer data as an asset that should be protected; two) the marketing bunch looks at it as a resource for business objectives. I might add to the latter that, during my 35 years in the junk mail industry, the “marketing bunch,” which included the list industry, had only one outlook: collect all the names and private information that is available, as fast as possible, and sell it as many times as the marketplace allows.

The coverage of the study has a different take on departments cooperating, saying that the ones with the personal data tend to mismanage it, thinking at the same time the IT department is securing it. The big question is who, and how many, have their finger on that big button that releases your private information? Unfortunately, in many companies, the only ones who know this are the ones with the access. Management doesn’t have a clue in some cases.

Another finding in the MS report was that the bad guys come up with new technology every day, thus making it honestly hard for corporations to keep up with it. From comes the report figure of 31.6 million phishing scams in the first part of 2007, an increase of 150 percent over the same period in 2006.
MS says a major portion of the thievery, including backdoors/bots/password stealers/keyloggers in the first half of 2007, came from just one family of malware, Win32/IRCbot.

Another piece quotes the report as confirming the earlier confusion between company departments, saying 78 percent of management thought their marketing department informed security and privacy executives of what it’s doing with your sensitive data. However, the marketers themselves reported this was the case only 30 percent of the time. It’s a situation where this hand releases the private information, with the other hand hoping like hell it will be secure. And that is not good enough, particularly when you consider the amount of revenue that comes from collecting and selling your names and personal data. The junk mail industry alone grosses over $4 billion each year. Why weren’t some of these profits invested in data security years ago when the junk mail industry discovered the gold mine it is now panning so vigorously? I was there hawking lists as early as 1969, and the emphasis was always on collecting and selling, not how do we secure all this precious cargo.

The Microsoft study comes out every six months. It will be interesting to see if the next study can report some progress in the identity crisis. I do have guarded optimism.