March 14, 2007
Security Breaches: A Question of 'When'
According to a study conducted by a pair of University of Washington researchers, some sort of security breach involving your personal records is not a matter of "if" but of "when."
The study, entitled "A Case of Mistaken Identity? News Accounts of Hacker and Organizational Responsibility for Compromised Digital Records, 1980–2006," was conducted by Phil Howard, an assistant professor of communication at the University of Washington, and Kris Erickson, a UW geography doctoral student. It revealed that electronic records in the U.S. are being compromised at the rate of 6 million a month in 2007, up some 200,000 a month from 2006.
Howard and Erickson base their projections on a review of breached-record incidents as reported in major U.S. news media (the New York Times, L.A. Times, USA Today, and major broadcast news media) from 1980 to 2006. The total through 2006 stood at 1.9 billion -- or about 9 records per American adult.
More specifically, the researchers found that:
- Surprisingly, malicious intrusions were a minority (31 percent) of the confirmed incidents between 1980 and 2006. Most -- 60 percent, in fact -- were attributable to organizational mismanagement such as missing or stolen hardware. The balance of 9 percent was due to unspecified breaches.
- Probably because of California's Security Breach law that requires companies to disclose security lapses (and similar laws in more than 20 states), the number of reported incidents more than tripled in 2005 and 2006 compared to the previous 24 years.
The grand-daddy of all reported breaches is still the 2003 incident involving 1.6 billion records held by Acxiom, a company that stores personal, financial and corporate data. In that case, the intruder controlled a company that did business with Acxiom and had permission to access some files on Acxiom's servers, but illegally accessed other records and then tried to conceal the theft.
A pre-publication draft of the paper is available.
Posted by Jon Erickson at 10:18 AM