If you want to close the gaping holes in corporate information
systems, then you need to present C-level managers and above
with real-world risks ($$$) for losing confidential data. They are
aware of threats, but nothing provides an incentive for taking
corrective/mitigating actions like the threat of monetary loss when
you screw up. Pass a few regulations that kick them in the shins
when they lose data, and they will spend time and money
implementing measures that will minimize the threat of losing
data, which they don't own.
A recent security breach at Honda Motor Company allowed thieves to gain access to personal information belonging to millions of people.
While no one’s financial information or social security number was stolen, the hackers did collect e-mail addresses and Vehicle Identification Numbers belonging to 2.2 million car owners, the Columbus Dispatch reports.
The concern is that the cybercriminals can use the information to send out e-mails and trick customers into clicking on malicious sites.
This latest incident is just another example of the rising threat that cybercriminals pose to large companies that maintain massive databases of customer information. But in a less obvious way, the trend also exposes some flaws in the way large companies and other institutions safeguard such information.
Over the past year, large corporations such as McDonald’s, Citibank and Walgreen’s have had their customer databases breached by clever tech-savvy crooks. In August, the social security numbers, grades and other private information of 40,000 former University of Hawaii students were made public. An employee who had been using the data to conduct internal research inadvertently kept the information on an unencrypted server.
Since 2008, more than 2.3 million college records have been compromised, according to a report by Application Security Inc., a database security company.
For the University of Hawaii, it was the third time they’ve had a major foul-up of this sort over the course of a year. And each time, the school reassured the public that it would work harder to improve it’s data systems, according to a news report by the Associated Press.
With Honda, as is the case with many large companies, the private data was managed by a third-party vendor. Graham Cluley, a senior technology consultant at the security software and hardware company Sophos, noted that the practice of outsourcing the responsibility of managing and protecting customer data comes with certain risks. On Sophos’ website he writes:
“There’s an important lesson that more companies can learn from cases like this. You don’t just need to ensure that you are taking enough care about the security and protection of the private customer data you store - you also need your partners and third-party vendors to follow equally stringent best practices.
It may not be your company who is directly hacked, but it can still be your customers’ data that ends up exposed, and your brand name that is tarnished.”
No security system is perfect. And as long as we live in a technologically-managed world, large-scale security breaches will happen from time to time. But taking a closer look at the flaws in a security system just might prevent the ones that can be prevented.
