Once again a US government department has been hacked, and because the data was not encrypted, the cyber criminals had full access to all of the information. It has also been reported recently that Facebook had one million records stolen, which were then sold on a public board for $5.00. Again there was no encryption; the data was in “plain text”.
So where do businesses, enterprises and government departments stand when it comes to keeping your information safe? In the constant barrage of breaches, stolen information and political hacktivism, what rights does the normal everyday person have when their information is compromised?
Being in the business security business, I understand how these things happen, and those of us in it do everything in our power to prevent them. I also understand that it is a very real possibility that all of my information has been compromised in some way, but the bad guys just haven’t put it all together yet.
In the 1980s the environment was all the rage (not that it has changed, but the way of protecting it has), with large multinational conglomerates destroying the environment just to make money and not taking responsibility for their actions. I remember Hollywood trying to raise the political awareness of the world with movies like Erin Brockovich, with some success. The thing that I do remember from the film is the correlation between the cost of getting caught versus the cost of the fine and the cost of doing the cleanup.
At present, cybersecurity is at that point. The administrative costs and fines are less than the cost of making sure that your information is safe. Until lax security practices and systems are severely punished, we will continue to hear stories like the ones mentioned above.
A radical thought, like having a monetary payment based on a percentage of GDP, would be a good place to start (before the accountants and fiddle merchants get near it). If a security breach were met with a fine of 15% of GDP, would it make everyone take notice? Of course it would. The cost of getting caught with your cybersecurity pants down would, and should, have a detrimental impact on the business, to such a level that it could put you out of business.
One of the best ways to make sure that all your critical information is protected is to encrypt it all at some level. Maybe it slows down the process, but it would ensure that if the information were compromised, it could not be read without considerable additional resources.
In all situations your cybersecurity focus is to get the bad guys to go somewhere else. Making the process of attacking you hard, complicated or downright difficult is your one and only aim. By removing the robotic and non-targeted attacks, by restricting your accidental exposure and by being vigilant and paranoid, you leave a direct attack as the only way that you can be attacked.
To be directly attacked you need to have done one of the following: seriously pissed off someone, have a prototype or some type of intellectual property that is going to be the next billion-dollar invention, or have access to some serious money. If any of these are true, then you have already made a serious investment in protecting it.