Exploring 2012 Data Privacy Threats: Part 2 of 3
Jennifer LeClaire - January 27th, 2012
This is part two in a series of three on data privacy. Read Pat’s first interview here.
Are we desensitized to hack attacks despite the headline-making stories featuring Anonymous last year? What can we expect in 2012 on the data privacy threat front? And where are the weakest links in the enterprise? Veteran technology journalist Jennifer LeClaire had questions, and Lumension CEO Pat Clawson offered some insightful answers in part two of this three-part series on data privacy.
LeClaire: Looking back over the past year, what were the most significant changes in the data privacy landscape?
Clawson:
Desensitization. Part of me thinks security issues have been relegated to page 27 in the newspaper. Despite their severity, they’ve become noise. It’s interesting. Throughout the rest of the world, there’s the argument that there’s no reason to let anybody know when data privacy is breached—that disclosure is not critical. Fortunately, we saw some of that change in the UK and legislation emerged. We’ve also seen it happen in Central Europe.
I’m not sure if things just aren’t happening here in the United States—which I find highly unlikely —or if we don’t report it or if it’s just become more noise that no one pays any attention to it. Remember Slammer, Blaster, and Code Red in the early 2000s? Those worms were a big deal. Everybody around the world knew about it. Today, worse things are happening every day and few people talk about it.
LeClaire: That’s massive desensitization…
Clawson:
Yes, we’re massively desensitized. Hackers have gone from bad guys getting famous by making a lot of noise to a much quieter hacker who steals data without anyone knowing it. Unlike a physical break-in, there’s no broken glass and the jewelry cabinets are not empty. Everything is still sitting where it’s supposed to be. Today’s savvy hacker mines data quietly.
Earlier this year we saw Anonymous attack Sony PlayStation. That single incident is rumored to cost Sony billions of dollars because a hacker group got upset with a large corporation. The attack got a lot of press because Anonymous was trying to prove a point and that’s what everyone wanted to talk about—the point. But there’s other nasty stuff happening that’s not as big and not as famous as what happened at Sony and no one talks about it.
LeClaire: With this desensitization in mind, where do you predict the biggest threats to data privacy will come from in 2012?
Clawson:
The same threats will continue to manifest in 2012. There will be one or two really notable events yet nothing will really change unless we as a nation decide to do a better job securing our data. It’s in education. It’s in television advertising. It’s in things we mail to people. It’s however we reach out and communicate with the American population. I don’t care if you’re a factory worker and you have one PC in the living room that the whole family shares or you’re a high-profile New York City family and everyone has two laptops and an iPhone. You still need to understand that there are real ramifications for lack of security.
LeClaire: What are the most common data privacy weak links in corporate settings?
Clawson:
Some of the technologies that are making our lives easier, like cloud computing, inject an element of risk into the enterprise. In corporations, there is a chain of trust where the data sits. But personal cloud-based technologies and web browsing environments also have an impact on the security of corporate data.
Studies show that more than 60 percent of a corporation’s most sensitive information resides on employee laptops. Yet employees are using private cloud environments like iCloud, for one example, or Amazon’s version or Microsoft’s version, or some other tool. Information is moving on and off these devices outside the control of the company.
FREE Scanner
Free eBook &
Over 48% of IT Directors say that mobile devices represent the greatest network security threat.
[...] This is part three in a series of three on data privacy. Read Pat’s first interview here and second interview here. [...]