Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 31st, 2011 in Current News by Simply Security | 1 Comment | Tags: Current News

Data breaches can be painful, but many are preventable.

At their best, data breaches are nuisances. At their worst, they can be devastating. But as painful as data breaches are, the one thing most have in common is that they're preventable.

That is the conclusion reached in a new report from Protegrity, which stated that many of the high-profile breaches that made headlines in recent months could have been avoided by using relatively simple data security methods.

Attacks, such as those affecting Sony, Citigroup and Epsilon, highlight a growing trend in which cybercriminals are making more concentrated efforts to steal sensitive data from organizations that may have once been consider impenetrable. However, lapses in judgment, poor security practices and a bit of bad luck have shattered this perception, leaving customer confidence and company reputations in the wake.

"Data breaches are spiraling out of control, and companies such as Sony, Citi and Epsilon are finding out just how expensive it is not to protect customer data properly," said Protegrity CEO Suni Munshani.

In some cases, these attacks are one-time incidents. However, as Trend Micro's latest threat report showed, many cyberattacks put businesses and consumers at risk of future incidents. In Epsilon's case, for example, hacks of its email system put more than 50 of the vendor's clients at risk of additional spear-phishing attacks.

Therefore, it is imperative that businesses are diligent in their data protection practices. No expert would be bold enough to assert that data protection can be guaranteed. Indeed, a recent Ponemon Institute study estimated that more than 90 percent of businesses suffer data breaches. But there are steps companies can take to minimize damage.

One solution suggested by Protegrity is tokenization. This method has picked up steam in recent years, especially among companies that handle credit card information. By replacing credit card data with a less sensitive value, or token, stealing information is a significantly more difficult task.

"Data security solutions like tokenization and consistent security policies would have prevented all of the three data breaches mentioned in the report and saved those companies tens of millions of dollars in damages and litigation," Munshani stated.

The Payment Card Industry Security Standards Council recently introduced new guidelines for businesses that choose to utilize tokenization as a data security measure. Though the guidelines do not set an industry-wide standard for tokenization, they do provide helpful best practices and define the areas that need special attention.