Still bloody expensive...
Good news for breached entities: it won’t cost you as much and customers are less likely to leave – Ponemon study
March 20, 2012 by admin
The new Ponemon study, 2011 Cost of a Data Breach Study, has some interesting findings. From the executive summary:
- The cost of a data breach declined. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have declined. The organizational cost has declined from $7.2 million to $5.5 million and the cost per record has declined from $214 to $194.
- Negligent insiders and malicious attacks are the main causes of data breach. Thirty-nine percent of organizations say that negligence was the root cause of the data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker.
- Certain organizational factors reduce the overall cost. If the organization has a CISO with overall responsibility for enterprise data protection the average cost of a data breach can be reduced as much as $80 per compromised record. Outside consultants assisting with the breach response also can save as much as $41 per record. When considering the average number of records lost or stolen, all of these factors can provide significant and positive financial benefits.
Once again, those who rush to notify
before they have completed a thorough assessment wound up spending
more than those who complete their assessment before notifying
consumers. The difference came to about $33/record. So while the
public wants prompt notification, prompt but
inaccurate notification may wind up costing entities more.
“If you've got nothing to hide...”
Failure to volunteer is awfully suspicious.
Saying No to an Optional Iris Photo Has Its Consequences
As fellow Occupy Wall Street protesters
who had been arrested
on Saturday were being arraigned, Dallas Pesola remained in a
holding cell on Sunday night, essentially being punished for not
submitting to what was supposed to be a voluntary photograph of his
irises.
Mr. Pesola was released on Monday after
spending 48 hours in custody, double the maximum time for
arraignments set in 1990 by a state Supreme Court judge.
… In 2010, when the New York Police
Department began
photographing the irises of people arrested in Manhattan,
officials said that the images would prevent one
defendant from pretending to be another.
(Related) Not new, but clearly
spreading. Corporations are now aware that bad opinions on social
media can hurt the bottom line yet they are still unwilling to use
social media themselves.
Employers ask job seekers for Facebook passwords
… Bassett, a New York City
statistician, had just finished answering a few character questions
when the interviewer turned to her computer to search for his
Facebook page. But she couldn't see his private profile. She turned
back and asked him to hand over his login information.
Bassett refused and withdrew his
application, saying he didn't want to work for a company that would
seek such personal information.
… In their efforts to vet
applicants, some companies and government agencies are going beyond
merely glancing at a person's social networking profiles and instead
asking to log in as the user to have a look around.
… Since the rise of social
networking, it has become common for managers to review publicly
available Facebook profiles, Twitter accounts and other sites to
learn more about job candidates. But many users, especially on
Facebook, have their profiles set to private, making them available
only to selected people or certain networks.
Companies that don't ask for passwords
have taken other steps - such as asking applicants to friend human
resource managers or to log in to a company computer during an
interview. Once employed, some workers have been
required to sign non-disparagement agreements that ban them from
talking negatively about an employer on social media. [Doesn't this
change the “employment agreement?” Bob]
Asking for a candidate's password is
more prevalent among public agencies, especially those seeking to
fill law enforcement positions such as police officers or 911
dispatchers.
… Until last year, the city of
Bozeman, Mont., had a long-standing policy of asking job applicants
for passwords to their email addresses, social-networking websites
and other online accounts.
And since 2006, the McLean County,
Ill., sheriff's office has been one of several Illinois sheriff's
departments that ask applicants to sign into social media sites to be
screened.
Chief Deputy Rusty Thomas defended the
practice, saying applicants have a right to refuse.
But no one has ever done so. Thomas said that "speaks well of
the people we have apply."
… In Spotsylvania County, Va., the
sheriff's department asks applicants to friend background
investigators for jobs at the 911 dispatch center and for law
enforcement positions.
"In the past, we've talked to
friends and neighbors, but a lot of times we found
that applicants interact more through social media sites than they do
with real friends," said Capt. Mike Harvey. "Their
virtual friends will know more about them than a person living 30
yards away from them."
… Facebook declined to comment
except for issuing a brief statement declaring that the site forbids
"anyone from soliciting the login information or accessing an
account belonging to someone else."
Giving out Facebook
login information also violates the social network's terms of
service. But those terms have questionable legal weight,
and experts say the legality of asking for such information remains
murky.
The Department of
Justice regards it as a federal crime to enter a social networking
site in violation of the terms of service, but during recent
congressional testimony, the agency said such violations would not be
prosecuted. [“Another law we choose to ignore...” Bob]
Lori Andrews, a law professor at IIT
Chicago-Kent College of Law specializing in Internet privacy, is
concerned about the pressure placed on applicants, even if they
voluntarily provide access to social sites.
"Volunteering is coercion if you
need a job," Andrews said.