Folks, it is getting pretty scary out there. From Target, to Community Health Systems, to UPS, to now Home Depot and all of the rest – data has been siphoned off to China, Russia, Ukraine, and likely lots of other places. According to Krebs on Security “Target…had 40 million credit and debit cards stolen over a three-week period” and “If a breach at Home Depot is confirmed, and if this analysis is correct, this breach could be much, much bigger than Target.”
Okay, let’s add the numbers up. Some 4.5 million at Community Health Systems (SSN and addresses), Target 40 million credit cards, and let’s guesstimate 40 million for Home Depot based on the above. Since Home Depot happened after Target, someone who shopped at both places could be hit twice, but let’s assume 20% overlap and say 5% for Community Health Systems.
With that rough guess, you get a total of over 68 million people in the US who are victims of data theft. With a US population of 318 million, that means over 21% of the population (including children) is a potential victim of data theft; therefore, the percentage of working and retired adults is likely in the 30%+ range.
These numbers scare the heck out of me and cause me to spend time locking my machines down and to suggest that my customers do the same thing. The real question: when are we as a nation going to do something about it?
Right now we have network security combined with agents running on the system to track things going out of whack on the system. But we need an operating system that addresses the security problem by requiring mandatory access controls and role-based access combined with auditing, all of which are supported by SELinux. The time has come to move security into the operating system. We have the tools but we seemingly do not have the will. Does the fact that 21% of the population of the USA has been violated create enough motivation to raise your ire?