Wednesday, November 12, 2008

Scary criminal activity and data theft

Even though one knows that criminals are increasingly behind some of the larger data breaches, it not until we get hit on the head do we pay attention. I just read this recent article from USA Today about the latest attacks on corporate intellectual property - I tell you, this is serious stuff.
Any organization not taking this very seriously is doing a disservice to its stakeholders and shareholders.

The problem seems intractable - for every hole you think you have blocked two open up to allow these criminals to grab data. What does any organization do?

I think the answer lies in the data itself - one cannot go about protecting the periphery to protect the asset. One has to protect the asset itself - in this case the data. If the data itself is always encrypted, at rest as well as in motion (even when it is grabbed of the computer by malware), we might have a shot at preventing this.

Else we are putting our collective heads in the sand thinking that encrypting the laptop drive or USB device is enough...

Thursday, November 6, 2008

WPA encryption cracked..

Just read this about the "more secure" WPA encryption for Wi-Fi networks is now cracked. Read all about it here - apparently by the same guys who broke WEP (this is what hurt TJX). I guess the bar has been raised...