Think you can guess the No. 1 threat to the security of your stored data? If you said hackers, or even trouble-making insiders, you'd be wrong. While malicious threats are an ongoing concern, it's your well-meaning employees who are more likely to unknowingly expose your company's stored data through, say, a file-sharing network or a misplaced laptop.
In fact, a recent Ponemon Institute study found that negligent insiders are by far the biggest threat to data security, accounting for 78 percent of all breaches.
In this special report, you'll learn the latest techniques for protecting stored data within company walls as well as stored data that flows freely in and out of your organization on laptops, tapes and other movable media.
And don't forget to take the Storage Networking Industry Association's storage security self-assessment quiz and test how well your stored data is protected. Plus, brush up on storage terms with SNIA's online glossary and resource guide.
Data breaches, unfortunately, have become a way of life for the corporate world. According to the Identity Theft Resource Center (ITRC), 2008 saw a 47 percent increase in documented data breaches from the year before. And those are just the ones that made the news, says Craig Muller, an identity theft expert and founder of Identity Doctor. "I get e-mails constantly telling me of breaches," he says.
The public is definitely feeling the pain. In a 2008 study by the Ponemon Institute, over half (55 percent) of 1,795 adult respondents across the US said they'd been notified of two or more data breaches in the previous 24 months, and 8 percent said that they'd received four or more notifications.
But companies are still not sure how to protect themselves. In a Ponemon survey released last month, only 16 percent of the 577 security professionals who responded said that they were confident or very confident that current security practices could prevent the loss or theft of customer or employee data.
One way to gain confidence is to examine actual breaches and learn from them. Here's a look at five common types of breaches, with advice about how to avoid similar mishaps.
1. Stolen Equipment
In May 2006, personal data on 26.5 million veterans was compromised when a laptop and a storage disk were stolen from the home of a subcontractor working for the US Department of Veterans Affairs. Both items were recovered, and arrests were made. The FBI claimed that no data had been stolen, but the incident prompted sweeping reform at the VA. However, in January 2007, another breach occurred when a laptop was stolen from an Alabama medical facility, exposing personal data on 535,000 veterans and more than 1.3 million physicians.
Costs: By June 2006, the VA was burning through US$200,000 a day to operate a call center to answer questions about the breach. It also spent US$1 million to print and mail notification letters. It was given permission to reallocate up to US$25 million to pay for those costs. Class-action lawsuits were also filed, including one demanding US$1,000 in damages for each person affected. After the 2007 breach, the VA set aside an additional US$20 million for breach-related costs. And the department recently agreed to pay US$20 million to current and former military personnel to settle a class-action lawsuit.