Search This Blog

Monday, March 17, 2008


SECURITY IN CORPORATE DATABANKS IS PROVED INADEQUATE, BUT HACKERS JUST KEEP GETTING BETTER


Based on new research by Positive Networks, a Kansas company dealing in security products and services, 20 percent of all corporate networks or databanks have been broken into because their security is not adequate. On the other hand, hackers are finding new ways to break into the remaining 80 percent. First, Reuters news service has a good piece that quotes the findings from about 300 Information & Technology Professionals who believe their current authentication methods, such as username/password, are not satisfactory. 93 percent of the respondents were seriously concerned over their company’s protection of data and network security. A large majority of IT professionals do seem to rate the safety of their databanks as a high priority, many indicating improvements over prior years. So why haven’t we seen these improvements reflected in the marketplace where data breaches are still rampant? There have been 60 personal data breaches since the first of the year, as reported by Privacy Rights Clearinghouse. One was a First Magnus Mortgage Loan office in Ft. Lauderdale, Florida that dumped customer files containing Social Security and credit card numbers along with names and addresses, into a garbage container. I mention Magnus because they just went bankrupt and there is a trend across the country for former mortgage lenders to relegate consumers’ sensitive information to the trash heap without shredding it first. One in five of the IT pros had experienced identity theft personally, so you would think they would be screaming their heads off to the company CEO to at least insure that the employee data is secure. That’s probably what the 5,000 MTV Network personnel are saying after their names/addresses, birth dates and Social Security numbers were compromised on March 8. But maybe it won’t make any difference since the latest approach used by hackers is to simply freeze the computer’s encrypted hard drive which causes it to retain data in the memory for hours after the machine is turned off. Of course this must be an inside job, since the crook has to have physical access, but then employees do account for a certain number of data breaches. Princeton University conducted the research on this latest scam to steal our private information, and cautioned that stolen laptops could be a primary target, because cooled DRAM chips can retain their contents for some time after shutting down. The data from the frozen drive includes keys that will unlock the encryption. There seems to be no end to the lengths the identity thieves will go to confiscate our personal data, and as the underground black market for this information continues to grow—which it most certainly will—there remains only one answer to the problem. Grant consumers control over their names and private information and like one of the hucksters for paid ID theft protection does, you can give your Social Security number to anyone and it won’t result in the loss of your identity. Well maybe that’s overdoing it, but you get the idea.

No comments: