More and more organizations are suffering at the hands of the digital terrorists who are slowly penetrating corporate networks and stealing sensitive data not only about or organizations, but our customers and our business partners also.

As a direct result of the exponential rise in digital attacks and the huge number of reports of lost or stolen data, more and more organizations are finding themselves in legally precarious situations as a direct result of inadequate digital security.

Given the recent developments in cyber-law, there is now a requirement in the United States for every organization to have some form of clearly defined privacy and data security policy that aims to protect data from unauthorised access, loss or theft.

Sadly, many organizations are now resorting to their existing business attorneys for legal advice pertaining to cyber law and the truth is business attorneys are not minded in the ways of cyber privacy and information security law.

This means relying on them may leave you vulnerable as your existing legal advisor may not be well versed in the terminology of security and privacy compliance.

As a result, it is important to ensure that organizations have some recognition when it comes to privacy compliance and information security issues so that in the events of a worst-case scenario, the company is well protected and isolated from the subsequent legal action.

The express concerns of the government are that organizations do not become complacent in the realms of digital privacy and information security.  More and more corporations are reporting ‘losses’ of data and un-authorized intrusions into networks.  As a result, it is only fair that those businesses with inadequate security precautions are held partly culpable for the losses they incur.

Recently, an industrial company in Texas has suffered the consequences of lax security policies when hackers managed to steal over $1.2 million dollars in a mere 30 minutes.

Jugal Malani, owner of the Sugar Land Company located in the USA recently received the blunt end of the stick, when his network was exposed and his credit lines were exposed.

The attacks took a mere 30 minutes to perpetrate and those responsible have still not been located.

In response to the attack, Mr Malani expressed complete bewilderment stating he never believed his firm was vulnerable, and subsequently he has upgraded his security.

Constantly, smaller and smaller corporations are facing the brunt of experienced hacker’s intent on breaching network security.

These days, it is no longer a case of having to be a multi-national corporation to be vulnerable, but any organization risks being a target if appropriate security measures are not enforced.

This is an example of a worst-case scenario, but one that is preventable with modern security policies.

Utilizing things such as encryption on files and sensitive calls ensures that no sensitive information is ever available for drive-by hackers.  Drive-by hackers, or hackers that simply roam the internet looking for weak targets are now responsible for a growing majority of attacks on business networks, and they are often escaping without charge due to lax network security that means there is not sufficient evidence left behind to apprehend them.

Security needs a huge paradigm shift from that of a single point of defence into a multi-layered model, which means that should attackers breach one layer of security, they still have many more until they can gain access to sensitive material, and each attempt will leave more and more incriminating evidence.

Next time you are trying to save $2000 on security, just think about this story because it could just end costing two million.

Reports have recently surfaced that the US National Archives recently lost over a terabyte of personal information on an unencrypted hard disk drive. This information is said to have contained highly sensitive details such as social security numbers, personal addresses and also highly classified procedural data regarding White house and secret service operations.

Reportedly, this disk went missing some time ago during building renovations and the FBI is apparently only now conducting a criminal investigation, even though reports state that the drive went missing over 5 month period.
This could essentially make it impossible to track down the source of the loss, and it also begs the question to be asked – “Why did it take so long to notice?”

Statistically speaking, a one terabyte hard drive could contain information on over half a million citizens and for security reasons; the National Archives are not being fully transparent as to the full details of this loss.
This is just another example of how governments continue to fail with nonsensical approach to data security. The fact at the matter is that the Information security professionals responsible for the US national archives should be held partially responsible for this loss.

Security experts have publically deplored the loss stating that there is no reason why a government department such as the National Archives should not have rugged security policy. The above-mentioned breach is illustrative of something a small company may suffer from, but given the sensitivity of the data on this device, some level of disk encryption should have been used as a precautionary measure.

This is just an example of how there is very little in the way of laws to protect sensitive data. Whilst the government managed to lose 1TB this time, it is not the first time that data has been lost or stolen.

It will also not be the last.