Rising Number of Information Security Breaches in U.S. Authorities Consider Mandatory Reporting

Jan. 6, 2011 - PRLog -- Recently, identity theft center revealed 662 instances of data breach in U.S over the last year. However, there are no accurate figures on the number of records breached. Data breach may be caused by hacking, human error, phishing, employee theft and other forms of malicious attacks. Data breach results in disclosure of sensitive personal, financial and business information. The information may include names, addresses, social security numbers, protected health information (PHI), credit card number, bank account details, company strategies and confidential reports. Offenders may use the collected information for identity theft or to steal money. Offenders may also sell the information to their underground peers or to the competitors of an organization. Majority of the reported breaches were related to disclosure of social security numbers and, credit and debit card details. Therefore, individuals and organizations must place high emphasis on information security.

However, several data breaches go unreported. Negligence, lack of awareness on the consequences of data breach and reluctance to initiate legal action are some of the reasons that prevent affected individuals from reporting data breach incidents.  In some cases, data breach reports by public authorities and organization do not contain specific details on the type of data breach, number of records compromised and number of individuals affected. Only 51% of the data reported breaches indicated the number of records compromised. Proper reporting of data breach is crucial to understand the threat pattern, severity of threats, consequences of the data breach and mitigating measures required.
Organizations must educate their employees on safe computing practices to avoid data disclosure and theft. Regular vulnerability assessment tests and use of ethical hacking may aid the organization in understanding the threats and initiating counteractive measures.

Information security professionalssuggest mandatory reporting to ensure availability of all details related to data breaches. Mandatory reporting may facilitate creation of a centralized and publicly available database. Availability of proper data may help the law enforcement authorities to devise mechanisms to control data breach and related crime. Such facility will also help the general public to understand the prevalent threats and precautions to be followed to avoid being victims of data breach.

Contact Press
EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

# # #

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.