Security breaches are no joke

No matter how much money you've spent on IT security or how well you have trained your staff, there's a pretty good chance you will get attacked. This week we feature a slideshow that highlights the 10 worst IT breaches of 2009, so you can see just how bad the problem has become.

We left plenty off this list. These are just the top ones, but you can be certain that bigger and more lethal digital invasions are on the horizon.

Possibly the worst we found this year occurred when the National Archives and Record Administration lost an unencrypted hard drive containing the detailed records of 76 million veterans and millions of Social Security numbers.

Then there is the case of the laptop stolen with information on 800,000 doctors in its database. That's practically every doctor in the United States. The culprit in this case is allegedly an employee of the Chicago-based Blue Cross and Blue Shield Association who downloaded the information on his personal computer.

And in another breach, there's payroll services provider PayChoice. The company was hit twice in the last month by hackers who broke into its servers and stole customer user names and passwords. The number of accounts at risk haven't been disclosed but you can be certain it is many.
 
Many breaches come from unknown sources, outside attacks that find weaknesses, get in the door and unleash a computer virus, worms, spam, Trojan horses or phishing expeditions. The culprits are often hard to trace, are sometimes located overseas, and can wreak havoc on computer networks.

The attacks can slow down or bring computer systems to a halt, and as in some of the cases we highlight this week, result in theft of vital personal or proprietary company data.

On top of all these outside threats are the inside ones. And much has been written about the dangers from within, from careless employees to neglected policies to watch over the data and keep it safe.

Nearly half of all data breaches come from inside. It could be an employee who downloads data on a personal computer or a worker who takes a company laptop out the door only to have it stolen.

A recent survey of breaches at 400 public schools by CDW Government Inc., for example, found that most of their IT breaches originated internally. The systems were hacked by students more than 40 percent of the time or by parents and teachers 22 percent of the time.

The costs of data breaches can be enormous. Large companies that experienced a data breach in 2008 paid an average of $6.6 million last year to rebuild their brand image and retain customers, according to the Ponemon Institute, a Tucson-based research firm. The firm looked at 43 organizations that reported a data breach and found that roughly $202 was spent on each consumer record compromised.

Take a close look at our top 10 list, and it will give you a clear picture of what can happen, how it can happen and the serious risks that are lurking in cyberspace. - Judi