Although many organizations are expanding security efforts, the number of identity theft incidents is still increasing. Every two seconds, someone becomes a victim of identity theft in America. Last year, identity theft tolls amounted to $100 billion.
The Federal Trade Commission reports identity thieves victimize 10 million Americans annually. Data Loss Prevention (DLP) has become a top priority for federal and state governments as well as industry regulators, whom have enacted laws with monetary fines, forcing organizations to improve protection of sensitive data.
Breached organizations suffer significant loss from a data leakage incident. According to a Ponemon Institute 2010 study, the total average cost of a data breach has reached $214 per record compromised. The average total cost per reporting company reached $7.2 million in 2010. Organizations now often pay for credit monitoring services for the impacted individuals. They will also suffer a damaged reputation because all security breaches must be publicly disclosed.
Two Common Approaches to Data Loss Prevention
Many organizations still don’t know how to tailor a data loss solution to fit their company’s needs. There are two approaches to information security to help alleviate the situation – “Data-at-Rest DLP” and “Data-in-Motion DLP”.
The Data-at-Rest (DAR) approach is growing in acceptance and is being adopted because of its ability to guard data at its source. This approach refers to data stored on computers, storage devices, or being used by the data owner. The Data-in-Motion DLP (DIM) solution refers to protecting data transmitted over a network. It is successful in preventing data from leaving the organization when individuals send information that is unprotected.
There is no instant cure or a single “silver bullet” for all types of threats. However, data loss can be prevented by understanding the most recurring breach type and enacting a solution to best treat the problem, as shown in the table below:
Threat --> common DLP process
Hacker (includes malware) --> Data-at-Rest
Digital Media (lost/stolen computers, backups, etc.) --> Data-at-Rest
Web Content --> Data-at-Rest, Data-in-Motion
Accidental Transmission (e-mail, etc.) --> Data-in-Motion
Physical Media (lost/stolen papers, etc.) --> Policy
Dishonest Insider --> Policy, Access Controls
Other/Unknown --> Access Controls
What’s Right for Your Organization?
Data-at-Rest solutions allow organizations to be proactive because the technology secures data at its source, preventing the majority of data loss problems. Advanced technologies allow core reporting on risk exposure, which can create an informative analysis showing the patterns over time. Knowingly or not, employees may have personal information stored in a variety of locations, including emails, databases, websites and desktop files. Organizations should periodically clean these systems to prevent data loss at the source.
Data-in-Motion solutions may stop the transmission or sending of information, but they don’t help the problem at the source. Additionally, employees may feel that this is intrusive or interferes with productivity, if the emails they try to send continually get blocked, for example.
Many enterprises are moving the responsibility for managing discovery and remediation efforts from the IT staff to the individual data owners. However, Data-in-Motion solutions usually require a centralized governing system that is run by an IT administrator. With Data-at-Rest solutions, administrators may have management, reporting and remediation capabilities from a centralized console, but are empowering employees not only to see the problem but also take action to fix it.
By transferring the processing power and remediation responsibilities to an entity’s data owner, the organization has the power to inform and educate its employees and positively influence their behavior. Some Data-at-Rest solutions provide users with options regarding how to handle private information once it is located, including the ability to digitally shred, encrypt, redact or quarantine it.
Data-at-Rest solutions help minimize exposure risk, and are often less costly than Data-in-Motion solutions. Data-in-Motion systems have higher ongoing maintenance costs, software costs, professional services costs and hardware costs. Minimum infrastructure requirements for these solutions typically cost from $25K-$150K. Professional services required to configure Data-in-Motion systems can be more costly than the software itself, and the higher level of configuration and customization desired by an organization, the higher the cost.
Solutions with only software and maintenance costs and minimal hardware requirements help maximize the investment. Data-at-Rest solutions can typically be installed on simple pre-existing hardware, and do not require IT professionals to configure and setup the technology. Total cost for a Data-at-Rest solution is often less than half the cost of installing a Data-in-Motion solution.
Protect Your Data, Your Reputation and the Bottom Line
According to research published by Privacy Rights Clearinghouse together with its "Chronology of Data Breaches", the most common data breaches occur from the loss of digital media (44 percent) and hackers (22 percent). These intrusions might have been avoided with a properly implemented Data-at-Rest approach to DLP, which would have secured or cleaned the information before the loss occurred. The “socially typical” types of data breaches, such as employees accidentally emailing sensitive data, account for around 6 percent of all data historically lost, showing they are not major sources of data breaching.
While implementing both Data-at-Rest and Data-in-Motion solutions may increase their protection, many IT departments do not have the budget for this. With the majority of data breaches occurring from unsecured Data-at-Rest, it is important to remember that this is the greatest threat, and therefore selecting a security solution that helps protect data at its source will provide the majority of organizations with the best protection for the investment.
Security contractors hired to run screening operations at Canadian airports
G4S, Garda, Securitas and Aeroguard to provide security services within four designated regions
BY JOEL GRIFFIN, ASSISTANT EDITOR
SecurityInfoWatch.com
Updated: 08-9-2011 4:27 pm
The Canadian Air Transportation Security Authority announced this week that it has selected four private security contractors to provide screening of passengers and baggage in specific geographic regions.
Among the companies chosen include; G4S Secure Solutions (Canada), Pacific Region; Aeroguard Company, Prairies Region; Garda Security Screening, Central Region; and Securitas Transport Aviation Security; East Region.
CATSA said that consolidating its number of contracts from 17 to four will help it streamline its operations and expenditures. The new contracts begin on Nov. 1, 2011 and end on March 31, 2017, with an option to extend them for up to five additional years.
According to Jean Pierre Taillon, president of G4S Secure Solutions, Canada, providing security screening at airports is unique from other markets that the company serves with regards to the philosophy that is used and the level of customer service provided.
"One of the fundamental differences in screening an airport is how do you manage the queue times, the courtesy, how you are treating individuals as you have to pat them down, and run them through the X-ray machines and metal detectors," he explained. "So, it's an entirely different process than if you're doing a commercial property or if you're doing healthcare."
Taillon said that the new contract, which will cover 22 airports in the region including Vancouver International, will be the company's first in the Canadian airport screening services market since 2003. G4S already provides screening services at more than 60 other airports around the world including the Netherlands, Belgium and Iraq.
Taillon said one of the biggest challenges of handling security at these airports will be managing flight schedules and the weather.
"This is just like anywhere else in the world. Typically, your peak hours are between 7 a.m. to 10 a.m. and then from 4 p.m. to 7 p.m.," he said. "So, how do you schedule and book your security officers in order to have the right number of officers working on the workload? It's all capacity management. The other aspect is inclimate weather and late planes. How do you minimize the impact to customers going through screening and make sure you have enough people to do that work? That's the secret sauce."
Taillon said that G4S will take over an existing workforce of 1,800 employees in the region and train them to the company's standards. He said that the utilization of private screening companies will introduce best practices into the market.
"G4S is a global security company. We do screening around the world. In fact, the chief operating officer we have running this project is from Amsterdam, so he's bringing best practices from Europe, especially in queuing theory and customer service efficiencies," Taillon said. "By contracting it out and having four different suppliers across the country, it is providing CATSA with an opportunity to really push the envelope on customer service, queuing and security."
Ohio teen dies after being struck with stun gun
Coroner says teen who died was stunned before
By The Associated Press
Updated: 08-8-2011 2:00 pm
CINCINNATI
--
A coroner says a southwest Ohio teenager who died after being hit by a stun gun also had been shocked with a stun gun last year.
Police say an 18-year-old man attending summer classes at the University of Cincinnati was struck by a campus officer's stun gun and died of cardiac arrest this weekend. They say the teen approached officers in a dormitory hallway, appearing agitated and angry, and when officers ordered him to back off, he refused and was struck with a stun gun.
Hamilton County Coroner Amant Bhati tells The Cincinnati Enquirer ( http://bit.ly/rpnB2Y) the teen also had been shocked with a stun gun and then rushed to a hospital last year. Bhati didn't share other details about that incident.
The university is investigating the teen's death.
0 comments:
Post a Comment