Protechnica

By Catherine Dunn ContactAll Articles, Corporate Counsel, April 4, 2012

For anyone who thought headlines about data breaches were so 2011, the March 30 hacker attack that has affected up to 1.5 million Visa and MasterCard cardholder accounts is a reminder that companies are hardly in the clear. Yet with this latest breach — which compromised the systems of a third-party payments processor called Global Payments Inc. — comes the question: When will companies start to see this coming?

A persistent problem, says Matthew Lane, chief technology officer for information security and privacy consultancy Janus Associates, is that many firms still think they won’t become targets.

“You have to think that you will be breached. It’s a real battle out there,” says Lane, who has consulted on two major credit card-related breaches. “Most companies that have the most trouble are confident that they won’t be breached.”

Janus coaches companies on pre-breach risk assessments — aiming, in part, to identify the value of the information in their systems. Depending on the answer, Lane says that the next questions Janus asks clients about their data are: “Can it be outsourced? Can it be moved completely, so that when a breach happens there’s nothing threatening the intellectual capital, the brand of the organization, or the security and privacy of the clients?” <READ MORE>