Thursday, June 23, 2005

Securius Newsletter -- "Attack of the Data Thieves" -- Vol. 6, #02 -- June 23, 2005

===============================================================
T H E   S E C U R I U S   N E W S L E T T E R
===============================================================
June 23, 2005 | Vol. 6, #02 | http://www.securius.com/

CONTENTS:
* ATTACK OF THE DATA THIEVES
* PC GUARDIAN NEWS

===============================================================
A service of PC Guardian Technologies, Inc.
San Rafael, California, US
http://www.pcguardiantechnologies.com/
===============================================================

--------------------------------------------------------
ATTACK OF THE DATA THIEVES
--------------------------------------------------------
By Steven Lerner-Wright

Data thieves have been busy this year.

Recent thefts of legally protected information include 600,000
unencrypted records from Time Warner, 1.2 million federal employee
records from Bank of America, 180,000 Polo Ralph Lauren customer
records, 1.4 million customer records from shoe retailer DSW,
3.9 million records from CitiGroup, and many more.

The topper was announced last Friday: tens of millions of MasterCard
customers exposed to risk by a data security breach.

News reports of these thefts are front cover stories in the trade
press like Information Security magazine, Bank Technology News, and
Network World, and the issues are being picked up in national news
outlets such as USA Today, Fortune Magazine, and National Public
Radio.

The word finally is getting out that sensitive financial and medical
data files on computers and digital media are being stolen.

Judging by the headlines, these data breaches appear to be epidemic,
and lurid media reports suggest that companies are battling an
outbreak of new and novel data security problems. But there's
nothing intrinsically unusual about the past several months.

The fact that breaches are now being reported in the press can be
attributed almost entirely to California's Data Breach Notification
Act (SB 1386). Before SB 1386 was passed into law in July 2003, neither
companies nor government agencies were required to report security
breaches or theft of sensitive financial records.

This serves as a reminder that data theft is not new. It's been a
serious problem that has been going unreported for years. See:
http://www.consumeraffairs.com/news04/2005/choicepoint_congress.html

Harm from these ugly incidents could have been prevented had the
data on the storage devices been encrypted -- a fact that is
explicitly recognized in the SB 1386 text:

Any entity shall disclose any breach of the security of the
system ... to any resident of California whose _unencrypted_
(emphasis added) personal information was, or is reasonably
believed to have been, acquired by an unauthorized person ...

The recent spate of thefts has angered members of the US Congress
and other politicians, including those in Illinois who passed a
breach reporting law on Monday. Senator Dianne Feinstein, who
earlier this year introduced a national version of the California
law (S115), introduced another bill (S751) that increases the burden
on entities when private information may have been compromised.

S751 would require prompt written or other notification to those
individuals whose personal information may have been breached, and
it would force organizations to send notices to credit reporting
agencies if the security breach involved more than 1,000
individuals. In addition, the bill would impose penalties of $1,000
per person (a $50,000 per-day cap).

Language in S751 makes it unambiguous as to when an entity must
report a breach of security:

(2) BREACH OF SECURITY OF THE SYSTEM. The term 'breach of
security of the system' (A) means the compromise of the security,
confidentiality, or integrity of data that results in, or there
is a reasonable basis to conclude has resulted in, the
unauthorized acquisition of personal information ...

Encryption is the core technology for protecting electronic
information and for fulfilling these rapidly evolving legal mandates.

As we know, encryption is the process of transforming information to
ensure two key attributes:

* Confidentiality (the information is kept secret), and
* Integrity (the information is not corrupted)

Traditionally, encryption has been used to guarantee military and
diplomatic secrets. However, with the emergence of the Internet,
encryption has been deployed to protect information in all kinds of
settings, from electronic funds transfers to ecommerce transactions.

The use of encryption in business and government has become
necessary due to the lack of trust. Individuals need to protect
their financial and medical information. Companies must not lose
trade secrets to competitors. Governments must protect the national
interest. The scenarios range from the simple to the complex.

Historically, an enterprise organization needed to use encryption
for isolated problems, such as protecting data on the laptops of key
executives. Data protection has now evolved into a compliance issue.
Daily news reports of information security breaches only reinforce
the importance of installing fool-proof data protection at every
level of an organization.

There is no better fool-proof technology than encryption. Every
organization either is or will soon be searching for a pervasive
encryption solution that is scalable, easily managed and affordable.

Vulnerable entities are reducing the risk of data exposure, and loss
of public trust, by protecting sensitive information with PC
Guardian Technologies' information security solutions, especially
Encryption Plus Hard Disk, Encryption Plus Email and the latest
Encryption Anywhere CD-DVD.

Qualified enterprises can evaluate these solutions. For more
information, visit http://www.pcguardiantechnologies.com

Also, you might be interested in reading Senator Feinstein's Op/Ed
piece about the recent data thefts, which appeared in the San
Francisco Chronicle March 31, 2005:
http://feinstein.senate.gov/news-data-breaches.html

Upcoming issues of the Securius Newsletter will explore the social
and technological implications of data thievery. 'Til then, keep
your guard up.

--------------------------------------------------------
PC GUARDIAN NEWS
--------------------------------------------------------
PC Guardian Technologies Inc. recently announced it has received
$6 million in a Series A round of financing. The round was funded
by Altos Ventures and Cardinal Venture Capital, with equal
participation by each firm. Investment banking firm SVB Alliant
served as the financial advisor and placement agent. The company
will use the infusion of capital to support ongoing research and
development and expand sales and marketing efforts.

The full announcement can be found at:

http://www.pcguardiantechnologies.com/press/20050606_PC_Guardian_Technologies_Anounces_6_Million_in_First_Round_Funding.html

===============================================================
ABOUT THE AUTHOR
Steven Lerner-Wright is the Marketing Communications Director at
PC Guardian Technologies.

===============================================================
ABOUT THIS NEWSLETTER
The Securius Newsletter is published by PC Guardian Technologies,
a trusted partner to organizations looking to reduce the cost and
complexity of deploying and managing enterprise-class encryption
across multiple mobile devices.

Please visit us at
http://www.pcguardiantechnologies.com/

You can find our archive of back issues at
http://www.securius.com/

SUBSCRIBING/UNSUBSCRIBING
To unsubscribe from this newsletter, send an email to
leave-securius-nl@lists.securius.com

To subscribe to this newsletter, send an email to
join-securius-nl@lists.securius.com

FEEDBACK OR QUESTIONS
Write Seth T. Ross
seth@securius.us
PC Guardian Technologies, Inc.
1133 East Francisco Blvd.
San Rafael, CA 94901 US

FORWARD THIS MAIL RIGHT NOW
Please take a moment and forward this newsletter to a colleague
or friend.
===============================================================

Redistribution of this newsletter is permitted, as long as the
entire message body and this notice are included.
Copyright 2005 PC Guardian Technologies, Inc. All rights reserved.
