Small businesses take note: Verizon recently just released its 2011 data breach report, and the findings have real implications for companies with fewer than 100 employees.
The number of stolen records dropped dramatically to 4 million in 2010, down from 144 million in 2009. But the tally of confirmed breaches rose sharply to 761 from 141 the previous year.
How can we explain these numbers? Hackers are changing their tactics and chasing opportunities. They’ve noticed that many larger corporations are doing a better job of protecting their information. So black hats are honing in on lower-tier business targets—organizations with less savvy, maturity and investment in countermeasures. Once they identify vulnerability, they exploit it.
The information that hackers are targeting appears to be changing, too. Information simply used to impersonate—rip off—consumers and financial institutions isn’t enough for some criminals. There seems to be a rise in the targeting of information that may provide other types of benefits or advantages for business, government or military intelligence, and Lord knows what else.
The good news: The vast majority of breaches are avoidable. They can be stopped when companies conduct the right assessments, identify vulnerabilities and take corrective action. Many of the remedies are relatively inexpensive and easy to implement. I's all about the fundamentals of data management and information security. Ultimately we know what we ought to do, we just need the passion and discipline to do it.
With more than 30 years of experience in risk management, security, loss management and compliance within financial institutions, Brian has held senior positions at Wachovia Corp. and Citigroup. He served as board chairman of the Financial Services Roundtable/BITS Identity Theft Assistance Center.