Raj Goel, CISSP, is an IT and information security expert with over 20 years of experience developing security solutions for the banking, financial services, health care, and pharmaceutical industries. He is a well-known authority on regulations and compliance issues. Raj has presented at information security conferences across the USA and Canada. He is a regular speaker on PCI-DSS, HIPAA, Sarbanes-Oxley, and other technology and business issues, and he has addressed a diverse audience of technologists, policy-makers, front-line workers, and corporate executives. Raj works with Small-to-Medium Businesses (SMBs 10-200 employees) to grow their revenues and profitability. He also works with hospitals and regional medical centers across the Northeast (NY, Vermont, New Hampshire, Maine, Pennsylvania) in helping them meet HIPAA compliance requirements and utilizing Health Information Systems (HIS) effectively.
Malicious attacks on databases and incidents of online and other tech-related thefts continue to evolve in number and manner, leaving both consumers and businesses scrambling to pay for the damage to their reputations and bottom lines. The Identity Theft Resource Center (ITRC) reports that in the first half of 2009, 18.4 percent of all breaches were from insider theft. That’s up from 15 percent in 2008 and 6 percent in 2007. During the same period, the ITRC reports that hacking totaled 18 percent of all data breaches, compared with 11.7 percent in 2008. Combined, these malicious attacks are up more than 10 percent in 2009, with data breaches and insider theft accounting for 36 percent of the 250 reported breaches this year.
Information security experts, including ITRC, say companies must implement effective data-protection policies and pant because so much of the information required to commit ID theft is available online due to inadequate controls, data leaks or human behavior.
However, it isn’t only politicians’ information that is being leaked to the public. In a study called “Risky Business: Reputations Online,” public-relations firm Weber Shandwick surveyed more than 700 senior executives last year. Respondents ranked “confidential or leaked info will appear online” as the top online risk to their companies’ reputations.
Confidential corporate data finding its way onto the Web isn’t new. But the rapid proliferation and popularization of interactive online platforms such as blogs, wikis, chat rooms and messaging sites such as Twitter—collectively known as the social media—have upped those stakes significantly for information security professionals.