The security week that was: 04/29/11 (impact of data breaches)

The impact of data breaches

Having spoken with security executives and other business leaders over the past three years here at SIW, I've learned that one of the most dreaded security incidents an organization can face is a network security breach. Not only can it effectively cripple business operations for days or even weeks, but in the worst cases it can also have an effect on your customers and clients if their personal information is compromised.

One of these worst-case scenarios was brought to light this week when Sony announced that a hacker recently gained access to the account records of more than 70 million customers of its PlayStation Network, the company's online gaming service. The company said that the hacker may have also gained access to users' credit card information.

While companies do what they can to ensure that data breaches don't occur, the fact remains that there is a full-fledged, underground industry devoted to breaking into corporate and government networks.

Following last year's discovery of the Kneber Botnet, which affected thousands of companies as well as 10 U.S. government agencies, I spoke with Andrew Sroka, president and CEO of IT data security firm Fischer International, who said that the harm companies can suffer to their credibility as the result of a breach can be far greater than monetary damages.

"A high-profile, high-value breach that is widely publicized is a credibility damaging event. In some cases when we look at Societe Generale or TJ Maxx, there is a significant and immediate business impact from these breaches," he said. "From our perspective, that is the one thing you really want to be aware of. It's far more of a penalty than whatever regulatory fines your organization must pay. It's far more (impactful) than the onus of any state disclosure or breach notification rules or obligations your organization might have. The value of those penalties is far out-shadowed by the damage to an organization."

Sony has been criticized by many for the way it has handled this intrusion to the PlayStation Network. In an article published by CNN, one gamer characterized the lack of information from the company to its customers as "deplorable."

Look for more on this topic from SIW in the coming weeks.

U.S. food supply vulnerable to terrorists?

As the number of sources from which Americans get their food has increased in recent years, so too has the threat of a bioterrorism attack on the U.S. food supply, according to an article published this week by the Kansas City Star.

Experts attending the International Symposium on Agroterrorism said that this diversity in the food supply chain has made it increasingly difficult to safeguard consumers from contamination, according to the report.

According to Katherine Doherty, editor-in-chief of Food Logistics magazine, the food logistics industry, while concerned about possible incidents of bioterrorism, is currently more focused on how the Food Safety Modernization Act will affect its companies. The act, which was signed into law earlier this year by President Barack Obama, requires companies to take preventative steps to avoid incidents of food contamination.

"There is a concern of having enough FDA inspections at ports and those kinds of things," she said. "Our readers tend to be more worried about how the act is going to impact them rather than terrorists."

To learn more about the Food Safety Modernization Act, see the article from the January/February issue of Food Logistics magazine that discusses the legislation in greater detail.

In other news
Crisis management plans, national security team shakeup, more

An outbreak of severe weather this week killed nearly 300 people and leveled homes and businesses across the southeast. In his Security2LP blog, security consultant Curtis Baillie discusses the importance of having crisis management plans in place to deal with disasters. Also, you can find more information about crisis management plans in this story we ran last month on securing hospitals during times of disaster. ... President Obama has shaken up his national security team, naming current CIA Director Leon Panetta as the next secretary of defense and placing Gen. David Petraeus in charge of the CIA. ... Security Technology Executive magazine is accepting entries for its 2010 Security Innovation Awards, which will be presented during the ASIS 2011 conference in September. ... TimeSight Systems has received additional funding from Contour Venture Partners and New Venture Partners that the company says it will use to pursue market expansion opportunities domestically and internationally.