Report Finds Little Risk of Fraud from Data Breach But Don't Miss Forest for the Trees
A new report from the Government Accounting Office (GAO) finds a limited threat of identity theft and fraud from data breaches. The GAO is generally seen as an objective and reliable source of information for policy makers so this is a significant finding. It does, however, raise the question, what drives data breaches if it isn’t the potential financial gain?
We had the case of a database administrator selling financial and personal information recently. He obviously made money off the deal (at least in the short term), but what about other cybercriminals who are committing breaches? Don’t they know their chances of committing fraud or identity theft are relatively slim? Or are we missing something?
Perhaps rapid responses to data breaches are minimizing the chances of fraud and data thieves have yet to figure this out. Or have some thieves shifted their attention away from customer data to intellectual property? Why not steal a design, a sales lead database, or other insider information? I’m not as convinced as others that data breaches are limited threats.
ComputerWorld quotes Alan Paller, director of research at SANS, approving of the findings because too much attention as been placed on data breaches at the expense of other threats:
Some lawmakers have "dropped the ball on the far more important area of attack-based defenses," he said.
Yes, with respect to customer financial data, data breaches are not as big a problem as other threats but lets not miss the forest for the trees. Credit card numbers aren’t the only thing data thieves will go after. Any business with intellectual property should not be lulled into a false sense of security by this report.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
Comments
Now is not the time to become complacent about cyber security. We certainly do not know what latent effects data breaches may have, since monitoring typically is done for just one year. Knowing that at least some cyber crime is committed by enemies of the United States, we need to be aware of things that can damage our national security. While financial activity is monitored short-term, perhaps personal data are used to create identities for people to commit nefarious acts. In addition to intellectual property mentioned in the article, we need to be aware of the damage potential of national security data breaches. Those attempting to compromise our data do not limit their imaginations. . . nor should we.
Posted by: Craig Herberg | July 8, 2007 1:30 AM