in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Breach Costs: Maricopa County Community College District Ups Its Breach-Related Costs Again

Maricopa County Community College District (MCCCD) is making the news again... for the same data breach (yet again).  The site azcentral.com is reporting that MCCCD's costs related to last year's data breach has gone up yet once more, by another $2.3 million.  The college district has spent nearly $20 million since the data breach was revealed.

This incident shows how bad things can get when one decides to just ignore the risks of a data breach (like when companies opt to face the consequences of a low-level risk event instead of using laptop encryption because, hey, not encrypting is free).

A Bad Move

One of the most damming aspects of the MCCCD data breach is that they had experienced a previous data breach in 2011.  As a result of that breach, MCCCD's IT department had predicted with high precision what could happen in the future if security weaknesses were not addressed.

These were not addressed and, lo and behold, they had a massive data breach in 2013.  So, is it any wonder that MCCCD is now spending $20 million (and possibly more) to clean up after this mess?

Now, MCCCD could point out that they are the victim, and they'd be right.  But, they're also the perpetrator.  Let me compare it to something else.  Let's say we're talking about banks and money.

There is a bank.  Their security personnel points out that a four-year-old could toddle in and steal the money in the bank's vaults, and recommends fixing the problem.  The bank's officers decide not to solve the problem.  Two years later, someone steals money from the bank's vaults, following the exact method previously described by security personnel.  Is the bank a victim?  Yes.  Did they deserve it?  No.  Did you see it coming from a mile away?  Yes.  Does it feel like the bank's a victim?  Of course not.

To MCCCD's credit, they didn't play the victim card.  But plenty of other companies and organizations have under the same exact conditions (and more will most probably do so in the future).

What's Next?

Things are not over for MCCCD.  While it's a long shot, the groups suing MCCCD could come out on top in the courts.  For instance, what's to stop the hackers who stole MCCCD's data from suddenly hawking it in the underground black market?  Then, the students who were affected by the data breach start connecting the dots, and boom! you've got a viable case on your hands.

And, even if this were to not happen, there's another aspect of MCCCD's data breach that should be worrying the college district: namely, the fact that they ignored recommendations to strengthen their data security.

The lesson is a familiar refrain: an ounce of prevention is worth a pound of cure.

Related Articles and Sites:
http://www.azcentral.com/story/news/local/phoenix/2014/05/19/data-breach-costs-approach-million/9312729/
http://www.databreaches.net/the-mcccd-breach-breach-costs-now-approach-20-million/
http://www.alertboot.com/blog/blogs/endpoint_security/archive/2014/03/28/cost-of-a-data-breach-mcccd-data-breach-could-cost-up-to-17-1-million.aspx

 

 
<Previous Next>

Data Security: eBay Has Data Breach, Asks Users To Change Password

Apple iPhone Security: Devices In Australia Hijacked By Ransom Ware

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.