Threat Landscape
The Age of Uncontrolled Data Leakage
Somebody else gets paid (or worse) for YOUR stuff just because you are using the Internet.
Here are some significant recent examples:
- NSA ANT Catalogue (USA) : Disclosed by Snowden. A catalogue of NSA products for taking data from PCs, Routers, and many other computers.
- Ransomware (Russia) : One of the most serious current problems because of the sophistcation of the software in surreptitiously putting data out of your control.
- Sony (North Korea) : Data leakage that traumatized Sony Pictures.
- OPM, US Office of Personnel Management (China) : Perhaps the most serious theft in US History in terms of national security.
- Corporate Collections – Facebook, Google, Yahoo, Microsoft, Amazon! These guys are using SED technology already or can, but your organization is likely to be collecting and keeping data on registered users, too. This data is on billions of people worldwide. See the recent article in Bloomberg Businessweek.
All Phishing Initiated
Think about it, even Facebook is phishing for your data when, and after, you sign up.
Society is in the process of putting in the infrastructure to control Data Leakage. Self-encrypting drives are already playing a major role by protecting data-at-rest. At this point in the evolution of controlling data leakage, self-encrypting drives (SEDs) need broader adoption. The purpose of the Drive Trust Alliance is to facilitate that adoption through education, open source software, and commercial services.
Additional Information
A review of current news and the public literature emphatically supports the requirement to protect stored data and that SEDs are the hands-down superior approach to such protection.
Owners and managers of personal and confidential information must become aware of the risks for such data exposure and prepare accordingly.
The annual costs of data breaches to corporations are documented by the Ponemon Institute:
- Ponemon Institute Website
- Ponemon breach studies sponsored by IBM
Privacy Rights ClearingHouse also documents data breaches:
- Privacy Rights Clearinghouse Website
- Data Breaches Chronology
Verizon’s 2015 Data Breach Investigations Report (DBIR) reviews nine common threat patterns:
Run by data journalist David McCandless, Information Is Beautiful also has good information on data breaches: