Comment: Who’s minding the store?

Another personal data leak is in the cards unless state undergoes a complete review of its approach to security.

By
October 24, 2011 19:55
3 minute read.
Comment: Who’s minding the store?

teudat zeut israeli id. (photo credit: Ariel Jerozolimski)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

Israelis are rightly incensed by the recent announcement that a contract worker at the Ministry of Social Affairs and Social Services has copied all their personal details and made them freely available on the Internet.

According to media reports on the incident, the Justice Ministry has freely admitted that the significance of the exposure is large.

Be the first to know - Join our Facebook page.


RELATED:
Biometric registry slammed in light of personal info theft
'Contract worker stole all Israelis' personal information'

On top of loss of privacy, the ministry has said that the breach includes economic and, most worryingly, physical security. There can be no higher impact of such an incident that puts at risk the physical security of over nine million Israelis – presumably including Israelis living overseas.

The thief’s intention was apparently to sell the information; the data, however, has somehow been exposed to anyone with Internet access.

This kind of security breach can be devastating.

Depending on the nature of the exposed personal data, it could be used for nightmare scenarios – from planning terrorist and assassination attacks, to blackmailing individuals, to committing acts of treason.

JPOST VIDEOS THAT MIGHT INTEREST YOU:


Criminals could also use the exposed information for extortion purposes.

Indeed, even a simple list of names, addresses and telephone numbers can provide the ability to burgle temporarily empty properties or commit financial scams.

So, how did this happen? A clue can be found in the fact that when Israel joined the Organization for Economic Cooperation and Development – an international agency that seeks to stimulate world trade – one of the criticisms it received in the OECD assessment was the deficiency of controls within Israeli organizations.

The Bank of Israel responded that these controls would be tightened up, but what the BoI didn’t say was that this would incur a huge effort and cost.

In the UK and US, government organizations and financial companies spend enormous budgets on their information security departments, precisely to mitigate the risk and subsequent effect of such an incident. One single exposure incident can bankrupt a bank.

Israel is usually adept at handling crises – but far from impressive in the planning department. The “Start-Up Nation” is extremely quick to implement initiatives, but tends to take risks and shortcuts.

When that involves a small entrepreneurial company, the worst that happens is that it folds. But when it happens to the custodian of information for nine million people, it’s a whole new ball game. Preventing information security incidents requires specialists with experience in the industry.

There must be an investigation into the security controls, or lack thereof, in government departments.

This is not the first security-exposure incident in recent times. The previous unauthorized release of classified IDF documents to a Haaretz reporter by Anat Kamm in 2008 may have been more “low-tech” than the current incident, but highlights the same casual attitude to security.

The key problems that can cause incidents like this are inappropriate use of contract staff, too much power given to individuals, insufficient supervision and inability to spot data leaving a secure area.

Israel has excellent security products that are designed to prevent data leakage. But security software isn’t a magic wand – government departments need a complete review of their approach to data security, otherwise a similar incident will almost certainly recur.

Michael Ordman is a Certified Information Systems Security Professional (CISSP)
 
He also writes a regular blog for The Jerusalem Post and a weekly newsletter containing Good News stories about Israel.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Supreme Court President Asher Grunis
August 28, 2014
Grapevine: September significance

By GREER FAY CASHMAN