Protecting the value of your business Posted on September 20, 2011 by Tim Burke I can’t emphasize this enough: All of the technology products and services an organization devotes to securing its data, applications, systems, and networks have but one aim — to protect the value of the business. Conversely, every data breach reduces the value of the business — and there are more data breaches every year. The data breaches* we know about: Up +32% in 2010 Data breaches in 2010… Number of records known to be exposed in 2010 Percent of records known to be exposed in 2010 Percent of 2010 breaches Percent of breaches where the number of exposed records is unknown Business 6.624 million 41.0 % 42.1 % 65 % Banking/credit/finance 4.854 million 30.0 % 8.2 % 68 % Medical/healthcare 1.874 million 11.6 % 24.2 % 35 % Education 1.598 million 9.9 % 9.8 % 47 % Government/military 1.215 million 7.5 % 15.7 % 50 % Total 2010 breaches 16.165 million 100 % 100 % 54 % * A breach = an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk. Source: Identity Theft Resource Center (http://www.idtheftcenter.org/ITRC%20Breach%20Stats%20Report%202010.pdf) What’s required to avoid this is different for every organization, and it’s always evolving. That means effective information security never starts with decisions about what products to buy. No single technology product will ever meet all your security needs. Protection requires you understand what you’re trying to protect and be able to constantly, vigilantly adapt to an ever-changing threat environment.