CSO Executive Summit

“Why Data Breaches Can Go Unnoticed by Their Victims”
eWeek (02/11/10) ; Prince, Brian

A recent study by Trustwave has found that organizations rarely discover data breaches that take place on their networks. Of the more than 200 data breaches that were examined in the study, all of which took place last year, only 9 percent were discovered by the organization whose data was stolen. Eighty percent of the breaches were uncovered by credit card companies that had access to the data that was stolen. Gartner analyst Avivah Litan says credit card companies are most likely to discover data breaches because they are the ones who stand to lose money when financial information is stolen. Other security experts attribute the findings to the ability of businesses to understand and correlate the large amounts of data that they store. This vast volume of data makes it difficult for organizations to know what risks they need to mitigate, says Tripwire’s Dwayne Melancon. Melancon also notes that since many businesses lack automated, policy-based security controls as well as the ability to enforce configuration standards, they are forced to rely on a “guy paying attention” to protect their data. Others say that organizations are finding it difficult to detect breaches because they spending too much time creating database compliance and auditing reports using homegrown scripts, native logs, triggers, and stored procedures.
(Link to Source/Publication)