Let's talk about the biggest culprits that allow identity theft to occur.
As an experienced information systems auditor, I always get apprehensive when I have to deal with a government agency unit that demands personal information that I do not think is relevant, when I know they don't take very good care of the data. Examples are local agencies like the tax collector or community college asking for social security numbers on handwritten forms, or my recent experience with the Lake County dept. that provides classes on measuring water quality for lakes. They asked for driver's license, personal references and birthdate details on a manual form just so I could be certified to create a water quality report by one lake. (They run a background check for some insane reason.)
The problem is that government employees don't take data security seriously, and periodically you read where some government employee lost a laptop computer that had thousands of employee social security data records on it. A friend who had worked in Georgia just received a notice that they had lost control of a large employee database and were paying for credit monitoring services for all employees involved.
So, here is a news article below that provides some specific statistics from a conference on data security on how bad it is. My favorite quotes are:
• The education sector accounted for 24 percent of data breaches that could lead to identity theft.
• Government was the top sector for identities exposed, accounting for 60 percent of the total
Local governments need to make their employees more educated about data security AND also stop using social security numbers for employee numbers, etc.
And yes, private businesses are also lax. Look at the information you had to provide your doctor to open an account - social security number, etc. and then they put them in open filing cabinet shelves where anyone could grab the file and copy data and use it for ID theft.
As for the water quality form, I refused to fill it out - the lady said "we haven't had any problems with the prior 1400 registrants..." which means I could be the first once someone gets all that data. So, I will not participate in such schemes to put my credit identity at risk. The local government agencies and businesses should not put us in such situations.
vj
============================================
from CNET's news.com at:
http://www.news.com/8301-10787_3-9914611-60.html?tag=nefd.pop
SAN FRANCISCO--It turns out al-Qaida's leader and his cohorts aren't the biggest threat to our cybersecurity. You are.
Six years ago, Osama bin Laden represented the nightmare scenario for the computer security establishment. But more immediate cyberdangers lurk on the horizon. Experts attending the RSA conference that began here today say it's you--Mr. & Mrs. Computer User--who keep goofing up.
In fact, they contend, the future of cybersecurity hinges less on a latter-day version of spy-versus-spy against shadowy terror groups than on a more serious effort to instill best practices. Listening to their heeding was something akin to the scene in the movie Groundhog Day, where Bill Murray repeatedly wakes up to the same morning.
Security gurus have long urged the business world to turn network security into part of the corporate DNA. The message is not fully getting through. And now we're seeing the predictable results.
After listening to Symantec's John Thompson's morning keynote, I later kidded him about purposely scaring the hell out of people. He was a good sport about my joshing but pointed out that the information security landscape is increasingly punctuated by cases of data theft. He backed that up by reciting a litany of worrisome stats from his company's latest Internet security threat report. Truth be told, it makes for grim reading.
Among the report's highlights:
• 65% of the new code being released into the market is malicious
• The U.S. was the top country of attack origin in the second half of 2007
• The education sector accounted for 24 percent of data breaches that could lead to identity theft.
• Government was the top sector for identities exposed, accounting for 60 percent of the total
• Theft or computer loss resulted in the most data breaches that could lead to identity theft
• The United States had the most bot-infected computers worldwide
If the statistics are accurate, rank-and-file computer users are far from internalizing the security mantra. What's more, the findings suggest it will be quite some time before most people treat computer security as more than an afterthought. In the meantime, of course, Thompson didn't preclude the possibility of a terror or state-based organization launching a big cyber attack. But he believes the more likely danger to the nation's infrastructure will emanate from a different quarter.
"The threat landscape has changed," he said. "When people used to talk about the 'Big One,' they were thinking about that in the context of an attack on the infrastructure itself. That's still possible but less probable today because attackers have shifted to the information itself. They're much more stealth-like. Before, they wanted to become obnoxiously visible. Now they don't. They want to quietly penetrate defenses so they can sell what they steal in what's become a growing underground economy."