A change in data breach notification laws predicted to expose the biggest breach to overshadow previous reports

News by Dan Raywood

A new 'biggest breach' will occur next year to eclipse previous incidents.

Reed Henry, senior vice president of marketing at ArcSight, claimed that breaches are happening all of the time and most go unnoticed, but new disclosure laws will change that to ensure that all are reported.

Henry said: “The fact is that many companies are blind to what is happening in their networks – they do not review logs, their scanners are signature-based, and they do not know who is actually on their networks.

“Given that criminals focus on ‘where the money is’ and have the skills or can contract for them to develop targeted exploits, you can be assured that the top repositories or thoroughfares for identity, health, credit card and payments information are under assault right now.

“Whether it is being thwarted by diligent security professionals and security information and event management (SIEM) technology or the assault is stealthily siphoning off data that will set the all-time breach record in 2010.”

He was also critical of encryption being offered as a solution, as the RBS Worldpay instance showed that if an administrator's credentials are compromised, encryption does not help.

Speaking on data loss, Mike Bienvenu, technical director of Softek, said: “Data loss will not go away, it will keep on happening. It has been a good year for government and the NHS but for next year there will be a massive growth in the government sector for USB providers like BlockMaster.”

He went on to claim that 2010 will be a great year for data loss prevention policies, as 2009 was the year of data loss but it will continue into 2010. “Once the information commissioner has got some teeth people will take it more seriously,” he said.

“In ten years’ time we will read stories of 100,000 records being lost but until then if people do not take care and put technology in it will continue. It is not just about controlling users, it is about educating too.”

