Editorial: IT security is not enough
Section snippets
Rising risks
Although there are many things that organizations and individuals can do to reduce the risk of becoming a target of data theft and identity fraud, the reality is that cyber criminals can get around most security mechanisms and obtain unfettered access to highly secure computer systems.
Computer users will click on suspicious attachments and visit risky Web sites despite repeated warnings. Antivirus software is ineffective at detecting the more serious threats, and it is not until after the theft
Data breach costs
The costs associated with data breaches are often high, including millions of dollars to respond to the incident, loss of revenue due to business disruption, ongoing monitoring by government and credit card companies, damage to reputation, and lawsuits from customers and shareholders. Sony estimated the losses resulting from its data breach at over $170 million. The cost of the RSA data breach reportedly exceeded $66 million and caused untold reputational harm. According to the Ponemon survey
Global response
The growing problem of digital theft has compelled governments in many countries to enact stricter notification requirements. Earlier this year, the European Commission proposed a draft European Data Protection Regulation in an effort to have all countries in the EU abide by a single authority when it comes to notification and penalties associated with data breaches. Such regulations can increase awareness of the problem, but they do little to help organizations defend against a data breach.