Company Mismanagement More Responsible for Data Breaches than Hackers
Electronic records are flowing out of companies in the United States at an amount of 6 million every month in 2007. This was up approximately 200,000 per month in 2006, said a researcher at University of Washington and one other researcher.
The researchers believe organizations that inadvertently bare their data are really to blame because of the administrative errors they commit. There are other reasons too, such as data abuse inside the organization, equipments theft and many like those.
An assistant professor of communication at the University of Washington, Phil Howard is trying to prove that by 2007 end 2 billionth personal record consisting of Social Security or credit card number, medical history or academic grades of one American will become subject to unauthorized access. And this will be due to corporate America, not malicious hackers.
Howard is conducting his study on the basis of incidents of record breach that major news media in U.S. reported from 1980 to 2006. Last year the total breaches were 1.9 billion or approximately 9 breach incidents per American grown up.
Howard and Kris Erickson, a doctoral student plans to release a report of their results in the Journal of Computer-Mediated Communication, July 2007 issue.
The research used media reports to arrive at their findings. According to the researchers, many data-breach incidents did not receive reporting or were not fully reported at the time when California law that forced companies to declare all incidents of violation, had not yet come into effect till 2003. Later, it was confirmed that there was a triple jump in the number of incidents in 2005-2006 against 24 years earlier to that.
Of the total 550 incidents confirmed between 1980 and 2006, hackers' invasions accounted to only 31% while 60% attributed to organizational mismanagement and the remaining 9% were unspecified intrusions, the study said.
Breaches have hit hard on universities, which were 30% of all reported cases. However, they reckon for below 1% of missing data.
According to the researchers, market forces that negatively publicize data breaches wouldn't necessarily mitigate the problem. They also don't trust more states will regulate properly.
Related article: Companies Should Report Cybercrime
» SPAMfighter News - 28-03-2007