There’s a reason security consistently appears on IT buyers’ lists of priorities and concerns. We looked last week at some of the biggest cloud and IT disasters of 2013, and this week Networkworld.com weighed in on the worst security SNAFUs of 2013.
Now comes news, first reported by Krebs on Security, of what is believed to be a massive data theft that may have spanned the majority of Target stores from Black Friday through December 15th. The breach was executed by software placed on credit card authorization terminals within the stores and is being investigated by the Secret Service.
Networkworld named Eric Snowden’s data theft and leaks from the National Security Agency the “Biggest Security SNAFU” of the year. That disaster involved not only the security failure due to the agency’s lax internal controls, but also ongoing questions about the massive surveillance that Snowden exposed.
The theft of personal information that puts customers at financial risk is one of the most public security breaches that organizations face, and it continues to be a problem. But the exposure of private healthcare information is a rising concern as well. Issues over security of the Healthcare.gov site, which doesn’t actually encompass personal health information at all, probably should have made Networkworld’s list of security SNAFUs, though somehow it didn’t. Still, health data breaches at WellPoint, Cogent Healthcare and New York State’s Office of the Medicaid Inspector General are among those recounted.
The range of reported data breaches is vast, from exposed private texts and home webcam streams to espionage by foreign governments, and so is the variety of vulnerabilities exploited. Breaches ranged from the highest of high-tech software attacks to lost mobile devices to the improper dumping of paper files in outdoor dumpsters.
The takeaway is that security failures continue to be all too common. A wide array of data types is vulnerable. Long-recognized vulnerabilities continue to be exploited. While one doesn’t want to conclude that failures are inevitable, organizations don’t want to be caught compromising on security procedures, protocols and protection.