
Monday, October 29, 2012

Brutalized! South Carolina breach exposes data security woes at State level | ESET ThreatBlog


Brutalize? Yes, that’s what the Governor of South Carolina wants to do to the person who breached security at the South Carolina Department of Revenue (SCDOR) and exposed Social Security Numbers and other information pertaining to 3.6 million people, as well as 387,000 credit and debit card records. Speaking to the press on Friday, Gov. Nikki Haley said: “I want this person slammed against the wall…I want this man brutalized.”

We will get back to Gov. Haley’s statement in a moment, but if we expand our perspective on this incident, which has been reported in detail in Computerworld and WBTV, we can see that the scale of the breach has focused renewed attention on cybersecurity at the state level. The picture that is emerging is not pretty.

The people in charge of protecting the data about us that states process and store are known as the state CISOs, as in state Chief Information Security Officers. These folks were polled recently on the topic of cybersecurity. When asked if they receive appropriate executive commitment and adequate funding for cybersecurity, the number who said they did was a dismal 14%. Even if you discount that number slightly on the grounds that anyone in charge of anything usually feels they have not been provided with adequate funding, the number is still shockingly low. Yet it is consistent with the response to a separate question: 86% of state CISOs identified “lack of sufficient funding” as the key barrier to addressing cybersecurity.

Let me put it another way, with another statistic that I found staggering: half of all state CISOs have a team of five cybersecurity professionals or fewer. While you ponder how small that number is, let me give a shout-out to the source of these numbers, the National Association of State Chief Information Officers (NASCIO) and the firm of Deloitte, who worked together to create a report titled “State governments at risk: A call for collaboration and compliance.” The report is also known as the 2012 Deloitte-NASCIO Cybersecurity Study and is freely available as a PDF download.

