100 Million Personal Records Exposed: AppSecInc CTO Reflects on Data Security at Critical Milestone
Application Security, Inc. CTO Aaron Newman Available for Comment on How Data Security Must Change in 2007
NEW YORK - December 14, 2006 - This morning, the Privacy Rights Clearinghouse (www.privacyrights.org) reported that more than 100 million personal records have been exposed since February of 2005. On the occasion of this disturbing milestone, Application Security, Inc., (AppSecInc) (www.appsecinc.com) the market leader in database security, offers perspective on how data security must change as we prepare to enter 2007.
While the image of a computer hacker exploiting software flaws over the Internet from a foreign country strikes fear, the reality is much more complex – and ominous. In the past two years, reported data breaches more than doubled in 2006 when compared to 2005. The number attributed to “hacks” dropped, however, to less than 20 percent in 2006, from approximately 35 percent in 2005.
Massive data exposure often results from shortcomings in people, process and policy – as well as technology. As a result, AppSecInc CTO Aaron Newman recommends that vulnerabilities associated with data – not amorphous threats or specific technology weaknesses – be the critical starting point for ALL security initiatives. Mr. Newman is one of the foremost experts on database security and co-author of the Oracle Security Handbook. He suggests the following six steps are the right mindset for a security resolution in the New Year:
- Trust no one. No one in an organization should be exempt from controls over how data can be accessed or used.
- Inventory the most sensitive data, and don't even think about protective measures until you've completed a thorough discovery of sensitive data and where it resides.
- Build a layered defense, prioritize efforts based on value and risk, and don't get seduced by silver bullets – there are none.
- Document everything. It helps to bolster compliance at the same time.
- Do something decisive, do it quick, and enlist others to help – even if you have to scare them into it.
- Have vision and the courage of your convictions. The upside of rock-solid security is the ability to share data freely and with confidence, generating maximum value.
Mr. Newman adds, “The end of 2006 greets us with the cold, hard fact that at this level of exposure, we’re playing with fire. With each breach, massive and widespread identity theft is headed toward epidemic proportions. In the past, security was dealt with in an outside-in mindset, defending the walled garden from intruders. But in today’s reality, this leaves far too much room for error – or malfeasance. We must make 2007 the year of inside-out security – starting with the ultimate target of exposure, the database, and working our way out in a layered defense.”
To speak with Mr. Newman or other AppSecInc executives on these and other database security-related issues, contact Christine Meyers at 781-687-1034 or via email at email@example.com.
About Application Security, Inc. (AppSecInc)
AppSecInc is the leading global provider of database security solutions for the enterprise with offices in North America and the UK, and a robust partner-reseller network in key markets like EMEA, Asia-Pacific, and Latin America. AppSecInc’s products – the industry’s only complete vulnerability management solution for the database tier – proactively secure database applications at more than 600 organizations around the world. Our security experts, combined with our strong support team, deliver up-to-date database protection that minimizes risk and eliminates its impact on business.
Please contact us at 1-866-927-7732 to learn more, or visit us on the web at www.appsecinc.com.
AppSecInc is a trademark of Application Security, Inc. All other company and product names are trademarks of their respective companies.
Application Security, Inc.
CHEN PR, Inc.