Establishing Digital Trust: Don't Sacrifice Security for Convenience
I also recently read an article that claims that wages for security professionals and those with various well-known security certifications have shot up. In this regard, it's heartening to see that the technical side of business is addressing security.
The side that truly needs an awakening, particularly in Canada, is management. There needs to be a realization that security isn't an expense or detriment to the bottom line, but rather a benefit to it. One particular area where this can be seen is privacy.
There seems to be somewhat of a lack of concern over information remaining private. Additionally, there seems to be a lack of understanding as to how and why one needs to protect client/customer information. If I had to sum this up in one word, the reason why is simple: money. If you want to keep your customers, then you keep their information private. The most recent examples of what not to do include Bank of America and ChoicePoint. When privacy is violated, there are three areas of concern: risk, regulation and liability. Both Bank of America and ChoicePoint are facing all three.
That said, it is interesting to note that while one situation is rather easy to remedy, the other might require a bit more thought and planning. Let's start with Bank of America. Solution? Encrypt the information on the backup tapes. This easy step would ensure, provided that the encryption is of a decent strength, that even if the tapes went wayward (which is what happened), the data remains secure.
Now ChoicePoint. In their case, there was a fair amount of social engineering involved. Certainly there can be checks on the companies or individuals that registered with the firm, but if someone is determined, they will take the time to perfect the scam (create and register a fake company with a fraudulent storefront and so forth). Their defense? Simply a healthy measure of paranoia, due diligence and selectiveness.
This is where a Symposium on IT Security and Privacy, like the one held on March 1 in Toronto by Transend, is appropriate. Making those that count (management) aware of the issues can go a long way towards cementing the role of privacy protection as an asset rather than an expense. Besides enjoying the free attendance aspect of the event (which was probably most responsible for the attendance of roughly 800 registrants), the list of speakers was also rather impressive.
Out of the many top-tier speakers, one that comes to mind is David Perry, Executive VP at TrendMicro. His very gregarious nature and technical knowledge made it easy to remember some of the downsides of not paying close attention to security and also illuminated some of the scary ways that we employ technology.
One such example was that of GM wanting to add Bluetooth for security and software upgrades for their vehicles. This would include broadcasting the VIN (making it more difficult for car thieves to hide the true VIN of the car). I'm sure, given time, we'll see new viruses (and thus, anti-virus software) for cars as well as "faked" VIN software.
What Mr. Perry so eloquently expounded is that there is "no cap on malicious threats". And he's right. With every new technology developed to make our lives easier, someone will find a way to make it work in their favor or exploit it. For instance, email is currently the biggest victim of the exploiter ethos.
"Trust is nearly gone for email," Perry declared. I suspect it is gone completely. When you look at the comparisons (40 percent of email was categorized as spam in 2002, and today it's in the neighborhood of 80 percent to 88 percent), you realize that few, if any, will ever come to trust email again. Sadly, much of the remaining 12 percent to 20 percent is made up of viruses and phishes. In fact, I'd estimate (based on experience) that about 1 percent to 3 percent of email is actually worthwhile and legitimate.