"This year’s research clearly demonstrates that compliance, breaches and brand damage are driving companies to deploy more data protection solutions.” –Phillip Dunkelberger, president and CEO of PGP Corporation
It’s hard to believe that the world of trucking – with its growling diesels, 18-speed transmissions, chrome, and eye-popping paint schemes – pretty much lives or dies on data these days. Not that the cost of fuel, wages, insurance, emission regulations, and myriad other factors don’t heavily impact trucking’s day-to-day life. But it’s those minute specks of electronic information, making up bills of lading, payments, driver identification, etc., that determine whether trucks roll or sit.
The big worry, of course – and it’s a fear rightly placed – is just how safe all this data really is. The recent announcement by Carnegie Mellon University researchers showing how public information readily gleaned from governmental sources, commercial databases, or online social networks can be used to routinely predict most – and sometimes all – of an individual's nine-digit Social Security number should serve as a huge red flag for truckers large and small. For if individual identification can be compromised this easily, leaving everyday people exposed to all sorts of financial malfeasance, companies should be wondering pretty furiously how vulnerable they truly are.
Companies across the spectrum, though, are definitely awake to the dangers, according to the fourth annual study on encryption usage in the enterprise by the California-based Ponemon Institute. The group’s 2009 study, entitled “U.S. Enterprise Encryption Trends,” found that data breaches continue to be a huge problem for the 997 information technology (IT) and security practitioners who participated in the survey. Some 85 percent of organizations surveyed by Ponemon had at least one data breach in the last 12 months, demonstrating that there is no letup in breaches – consistent with the 84 percent cited in the 2008 report. More worrisome is that the rate of companies suffering more than five data breaches rose to 22 percent in 2009, up from 13 percent in 2008.
“We’re trying to help enterprises assess their risk posture,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “Organizations are looking for more complete solutions that can protect their data wherever it may reside. The focus for 2010 needs to be on applying a strategic approach to data security across the enterprise.”
Other findings from Ponemon’s work this year include:
• Data protection is an important part of an organization's risk management efforts. For the first time, Ponemon asked how data protection relates to an organization's risk management efforts, with 58 percent reporting that it is a very important part of risk management and 22 percent saying it is an important part.
• Encryption of data on mobile data-bearing devices used by employees is very important or important. More than 59 percent of respondents say it is very important or important to encrypt employees' mobile devices – a sign that organizations recognize that valuable data is more mobile than ever.
• More than 70 percent have fully executed or just launched a data encryption strategy in their organization. Once again, data encryption strategies are being implemented across a majority of the respondents' organizations. The majority of organizations, 78 percent, have some type of encryption strategy, up from 74 percent in 2008 and from 66 percent in 2007.
• Encryption is mostly used to mitigate data breaches and comply with privacy and data protection regulations. In addition, there was an increase in the percentage of respondents who reported that encryption is also important to preserving brand and reputation.
• The percentage of organizations using the platform approach to managing encryption solutions has increased. Additionally, 76 percent would strongly recommend or recommend the platform-based approach if it reduced the cost of acquiring, deploying and managing encryption applications.
This vulnerability of data should really surprise no one. What’s of concern, however, is how pervasive this vulnerability is – especially for everyday individuals – and the amount of fiscal damage it can cause.
Take Carnegie Mellon’s aforementioned work on Social Security numbers, for example. “The predictability of Social Security numbers is an unexpected consequence of seemingly unrelated policies and technological developments that, in combination, make Social Security numbers obsolete for authentication purposes,” said Alessandro Acquisti, associate professor of information technology and public policy at Carnegie Mellon's H. John Heinz III College, and Ralph Gross, a post-doctoral researcher at the Heinz College, who led the college’s research on this topic.
“Because many businesses use Social Security numbers as passwords or for other forms of authentication — a use not anticipated when Social Security was devised in the 1930s — the predictability of the numbers increases the risk of identity theft – and ID theft cost Americans almost $50 billion in 2007 alone,” they wrote. “The Social Security Administration could mitigate this vulnerability by assigning numbers to people based on a randomized scheme, but ultimately an alternative means of authenticating identities must be adopted.”
Future Social Security numbers could be made more secure by switching to a randomized assignment scheme, but protecting people who already have been issued numbers is harder, the researchers said. Given the ease with which Social Security numbers can be predicted — particularly the first five digits and particularly for the millions of Americans born since 1988 — legislative and policy initiatives aimed at removing the numbers from public exposure, or redacting their first five digits, may be well-meaning but misguided, Acquisti added.
It just goes to show that protecting data in this information-driven age we’re living in has got to be a top priority for individuals and businesses alike; even in the rough-and-tumble world of trucking.