A Little Challenge to the Private Sector

Today’s post is provided by Joan Herbig. Joan is the Chief Executive Officer for ControlScan, a leading provider of security and Payment Card Industry (PCI) compliance solutions designed exclusively for small- to medium-sized e-commerce businesses.


I recently sent some employees to a seminar to get an industry-recommended security certificate. The seminar is aimed at providing education on the newest and hottest cyber threats.

With all the news of mega breaches out there, including one I just wrote about on www.esecuritydiva.com, it would seem as if an information-packed seminar such as this one would be packed with IT people, right? Actually, it was. But with public sector IT people. Private sector attendees were few and far between.

What’s going on here? This little piece of news could be a telltale:

According to a new report by the Identity Theft Resource Center, the percentage of breaches occurring in the government sector has been dropping steadily over the past three years (http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml). The percentage of breaches occurring in the private sector, meanwhile, has skyrocketed 69 percent from the same six-month period last year. Mix that news with the fact that the private sector is substantially less prone to reporting breaches than the public sector and the situation gets even worse.

As the report indicates, the government sector – for a change – is outperforming the private sector. The report says during the first half of this year, breaches in the government accounted for only 17 percent of all reported breaches, a 13 percentage point decrease from 2006.

Leading the seminar was Bill Lipiczky, a senior architect with IT consultancy Managed By Design. He acknowledges the lopsided attendance record, estimating that the private sector accounted for only 20 percent of the class. He says companies often do not have as full a grasp on cyber threats as they should.

“They don’t have a good handle on the risk,” Lipiczky says. “I kind of liken it to life insurance.”

Life insurance. Kind of like not really thinking about bad things until something bad happens.

To be fair, Lipiczky points out that the government’s emphasis may be because it has more pressing things to worry about than simply identity theft. Like national security, for one. Stuff like foreign governments trying to hack into our critical systems. But something clearly has to be done here. The number of breaches cannot continue spiraling out of control without Congress getting involved more than it already is. Do we really want that?

So, I have a challenge. Let’s start attending more professional development courses focused on security. Let’s start being more proactive about preventing breaches. And let’s show that we can do the right thing without being legislated to do so.

Joan Herbig
CEO, ControlScan
(The eSecurityDiva)


Joan E. Herbig is the Chief Executive Officer for ControlScan, a leading provider of security and Payment Card Industry (PCI) compliance solutions designed exclusively for small- to medium-sized e-commerce businesses.

Joan has over 20 years’ experience in the high-tech world. She has served in many roles throughout her career and has managed her teams to consistently successful outcomes. Named CEO of ControlScan in September 2007, Joan is responsible for business operations and is focused on growing the company’s revenues and expanding its position as a leader in the PCI compliance market. From January of 2005 until its acquisition by nCircle Network Security in May of 2007, Joan was CEO of Cambia Security, Inc., a leader in the configuration auditing space. Prior to Cambia, Joan was CEO of XcelleNet, Inc., an industry leader in wireless systems management, which was acquired by Sybase in May 2004. Before joining XcelleNet, Joan was with Digital Communications Associates (DCA) from 1987 to 1995, where she served as Senior Product Line Manager responsible for marketing and product management of DCA’s software product lines.

Joan is also active in the Georgia technology community. She was named the 2001 Woman of the Year in Technology by the Technology Association of Georgia (TAG). She serves on the Board of Directors for the Technology Association of Georgia, and will serve as its Chairman in 2008. She earned a B.A. in French from the University of Louisville and an M.S. in Computer Science from the University of Kentucky.
