When Will We Wake?

Brian Wood Blog

Here’s a little fear-mongering to brighten your day.

It’s bad and then it gets worse — terrifying, even.

It’s not me, it’s you. So fix yourself — all of you out there.

And I’ll be more vigilant too.

Summary article by Pam Baker in FierceBigData.

Emphasis in red added by me.

Brian Wood, VP Marketing


Many IT security pros are sending sensitive data without encryption

Nearly 36 percent of IT security professionals admit to sending sensitive data outside of their organizations without using any form of encryption to protect it, a new survey from Voltage Security found.

“This statistic is cause for alarm, particularly given that encryption provides protection for companies against cyber criminals, competing companies and even governments; it is the key to keeping sensitive data away from prying eyes,” said Terence Spies, CTO at Voltage Security in a statement to the press.  “Encrypting data at the source means that hackers or malicious actors will not be able to see or use the information, even if they do manage to intercept it.”

The survey was conducted at a recent European IT security exhibition by data-centric security specialist Voltage Security, and looked at the attitudes of more than 200 IT professionals towards encryption, big data security and EU data privacy regulations.

As awful as that is, the news from this survey gets much worse.

The survey showed that almost half of respondents are not de-identifying any data within their organizations.

“This inherently provides an underlying foundation for data privacy, ensuring not just that the data itself is secure, but also that the information can only be accessed and used by authorized users and the specific intended recipients,” said Spies.

This is terrifying. Perhaps we should not worry so much about data being de-identified by nefarious characters after all. If this much data is floating around unsecured and fully identified, why would the bad guys have to bother with de-identification?

When will security become the first thought instead of an afterthought? How many more breaches have to happen before data security becomes job one?