Why Is Information Security an Issue?

Every day the news media reports stories such as these:

• Someone attacks a university computer and gains access to the records of over 30,000 students and staff members. These records include names, photographs, and Social Security numbers (SSNs).
• A hospital experiences a cyberattack that prevents hospital staff from accessing computer systems and patient records. Therefore, the hospital must turn away patients until its computer systems and access are restored.
• A bank loses a backup tape, potentially exposing more than 1 million customer records. The tape is never found.
• A company that processes credit cards stores unencrypted account information on its servers. Attackers gain access to the servers, exposing over 40 million accounts.
• An email scam targets an organization by asking employees to verify their account settings. When employees respond, they provide their computer usernames and passwords. Attackers then use those credentials to access and compromise the organization’s computer systems.

Organizations use and store a lot of data to conduct their business operations. For many, information is one of their most important assets. Organizations use large and complex databases to keep track of customer product preferences, as well as manage the products and services that they offer customers. They also transfer information to other businesses so that both companies can benefit.

Organizations collect data for many reasons. Much of the data they collect is personal information, which can be used to identify a person. Personally identifiable information includes the following:

• SSNs
• Driver’s license numbers
• Financial account data, such as account numbers or personal identification numbers (PINs)
• Health data and biometric data
• Authentication credentials, such as logon or usernames and passwords

Based on media reports, security breaches appear to be growing both in number and in the severity of damage they cause to organizations. These breaches result in data that is lost, stolen, disclosed without permission, or rendered unusable. A security breach can damage an organization’s reputation, which may prompt customers take their business elsewhere. Following a breach, the organization may also have to pay fines and/or defend itself in court. If a security breach is particularly bad, an organization’s leaders can face criminal charges.

As noted, an organization that fails to protect its information risks damaging its reputation—or worse. Information security is the term that generally describes the types of steps an organization should take to protect its information.