• Home
• About
• RSS
• Get in touch

Whodunit?

With yet more data loss incidents occurring over the past few days it now seems like the time to ask ‘Whodunit?’ What do I mean, well, let’s say your credit card is cloned and used illegally, or more scarily someone has taken your ID and used it to open a new bank account or credit card and then run up a large debt. (The first you would know about it is when your credit is checked and turns out to be bad…) So, you wonder… who is responsible for that data leak?

The answer is… well, you just don’t know. Unless there is something very specific about the data that was lost and subsequently used. Even with breach notification in place, that will only let you know that the loss has occurred and you could have half a dozen or more of these every year! Of course you might have automatic credit checking in place as part of the data breach resolution (heck, there might even be a service to consolidate all the checks going on – else the same checks will be being run by multiple vendors, or even the same one over and over on your behalf), but it still won’t tell you whodunit. Furthermore, the notification only happens when the leak or breach is noticed – what about those which go unnoticed for years?

I believe breach notification is useful, after all, not being told would be worse than being told several times – but perhaps its time to look at what would be useful to the individual by taking a holistic view of their needs, rather than on a company-by-company basis.

comments

• Connect with us



• Get Email Updates

• Recently Posts

  • Common Criteria EAL +3 Security Certification – What’s all the fuss about?
  • Cyber crime: a real risk to global stability
  • Let’s get back to basics in 2012
  • The challenges of securing industrial control systems
  • The Power of Collaboration Against Cybercrime
  • A View from the London Conference on CyberSpace
  • Safety first when going virtual
  • #smbrisk – a great debate
  • Tainted love….remembering the love bug of 2000
  • Get social, not paranoid

• Pages

  • announcements
  • Application
  • Availability
  • backup
  • botnet
  • Cloud computing
  • Complexity
  • Compliance
  • Consumerization
  • cyber-crime
  • data centre
  • data-loss
  • Denial of service
  • disaster recovery
  • Education
  • Green IT
  • impersonation
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • misleading applications
  • Patching
  • Phishing
  • Regulation
  • Reputation
  • SaaS
  • security
  • small business
  • Social Media
  • Spam
  • Speaking
  • Storage
  • trojan
  • Uncategorized
  • Virtualization
  • Virus

• Blogroll

  • Ask Marian Consumer Security Blog
  • Bruce Schneier’s Blog
  • Con Mallon’s Symantec Consumer Blog
  • Gareth’s BE Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Security Bloggers Network
  • Symantec French contributor - A blog from the French pen of Laurent Heslault
  • Symantec Guide to Scary Internet Stuff – Botnets
  • Symantec Guide to Scary Internet Stuff – Drive-by downloads - Video explaining the latest security threats in simple terms, on drive-by downloads
  • Symantec Guide to Scary Internet Stuff – No 5 Rogue AV
  • Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
  • Symantec Guide to Scary Internet Stuff – No7 Pests on your PC
  • Symantec Guide to Scary Internet Stuff – No8 Losing your Data
  • Symantec Guide to Scary Internet Stuff – Phishing
  • Symantec Guide to Scary Internet Stuff – Underground Economy
  • Symantec podcast channel - A channel of podcasts on current security and availability topics from the experts at Symantec
  • Toby Stevens’ Data Trust Blog