
Lawsuits and Data Breaches

By Steve Jones

After the breach of the Target payment systems, a class action lawsuit was filed against the company. The action alleges that Target failed to implement strong enough security. Regardless of the merits of this action, it does bring to light a few things that we, as data professionals, should be aware of.

The first is that if our companies store any PII, financial, medical, or other sensitive data, we need to ensure that our management is aware of the potential security pitfalls we see, as well as the possibility of legal action if the data is somehow disclosed. The risk and the mitigation actions taken need to be weighed by management, and we should approach this as we might any other upgrade or enhancement to a system: with logic and rational discussion about the issues, providing guidance and potential solutions.

However, we should also be aware that no matter what security efforts we undertake, criminals are going to find ways around our defenses. As this piece notes, Target likely had security in place, but it's never going to be enough because attack vectors and techniques are outpacing the ability of security techniques to provide protection. The solution, or at least a potential mitigating action, is one that data professionals can help with.

We, and the businesses that employ us, should be incorporating analytics into our defenses to detect abnormal actions by both external and internal users. We should be looking for potential ways that data is disclosed, and perhaps even scanning the Internet for potential leaks of data. We won't prevent all problems, but if we can detect them early, we can limit the damage.

 