FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the Internet.
Businesses want to know whether they are potential targets for security breaches, and if so, they seek to identify the types of electric records that may be at risk.
The Trustwave 2012 Global Security Report sheds some light on these concerns by identifying top data-security risk areas. Highlights of the report include the following findings:
- Interestingly, the food and beverage industry, for the second straight year, comprised the highest percentage of security investigations at almost 44%.
- Industries with franchise models have become the most recent cyber targets, as more than one-third of 2011 investigations related to a franchise business.
- In-transit data within victim environments are frequently targeted by data-harvesting techniques, as revealed in 62.5% of 2011 investigations.
As a head's up, the most common password implemented by global businesses is "Password1," due to its satisfaction of the default Microsoft Active Directory complexity setting.
The targeting of customer records emerged front and center in 2011, according to the Trustwave report: 89% of attacks were focused on obtaining personally identifiable information, credit-card data, and other customer data.
Plainly, businesses in the food and beverage industry, and those with franchise models, need to be aware of and take preventive measures to help thwart security breaches. But this admonition frankly applies to all businesses that operate online -- meaning, practically all businesses.
In addition, protections should be put in place with respect to in-transit and other data, true password protection procedures need to be instituted, and customer records and related personally identifiable information must be safeguarded.
There is no such thing a perfect cyber security, but businesses can and should do better.
Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes. His Web site is http://www.sinrodlaw.com and he can be reached at firstname.lastname@example.org. To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.
- Trustwave 2012 Global Security Report (Trustwave)
- Poor passwords and no detection: Trustwave report reveals business security failings (Computer Business Review)
- US cybersecurity efforts trigger privacy concerns (The Associated Press)
- Should I Buy Cyber Insurance for Online Protection? (FindLaw's Technologist)