dcsimg

Data Breach: Who’s to Blame?

  • Data Breach: Who’s to Blame?-

    Looking at the end user, the reason they are sometimes called out as a contributing factor or the reason for a breach is not necessarily anything they have done maliciously (although there are occasions when that happens). Rather, it’s often a result of lax security on what they have access to; think of them as the entry point to whatever they have access to.

    If they are a typical end user, they likely have approximately six different user IDs for the six different applications they need to access to for their job – which means they probably have them all written down and taped to the side of their monitor along with the passwords (which hopefully aren’t all the same). One of those may be the financial application which, for the sake of our example, they don’t even use anymore as their responsibilities changed. In a case like that, anyone who can see those credentials can potentially use them to gain access. 

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Data Breach: Who’s to Blame?

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
  • Data Breach: Who’s to Blame?-2

    Looking at the end user, the reason they are sometimes called out as a contributing factor or the reason for a breach is not necessarily anything they have done maliciously (although there are occasions when that happens). Rather, it’s often a result of lax security on what they have access to; think of them as the entry point to whatever they have access to.

    If they are a typical end user, they likely have approximately six different user IDs for the six different applications they need to access to for their job – which means they probably have them all written down and taped to the side of their monitor along with the passwords (which hopefully aren’t all the same). One of those may be the financial application which, for the sake of our example, they don’t even use anymore as their responsibilities changed. In a case like that, anyone who can see those credentials can potentially use them to gain access. 

Data breaches are reported all the time in the news - and often when a breach occurs, fingers are pointed at everyone from hackers, to CSOs, IT and even end users. So in looking at a typical breach, Jackson Shaw, senior director of product management at Quest Software, wanted to break down why the fingers get pointed at these particular people (aside from the hacker, as that’s generally an obvious target) and why they should each care about data governance. For simplicity, he’s going to break this down into three groups: The end user, the IT department, and the line of business manager, and he’ll use the case of financial data.