I was reading Frank Hayes' Opinion column in ComputerWorld this week about some of the recent cyber security incidents, some of them affecting security companies. His theme was that security occasionally becomes the joke. Yes, the TSA gets on our nerves, the Antivirus 2011 malware causes confusion among our user community, and last week alone Microsoft released a record number of security patches. Are you feeling safer already? Not really. That was a funny line, yet no one is laughing.

Security has become mainstream in moderate to mature corporations. They start with a policy, they provide the tools to the techies, and then they ENFORCE the policy! Younger organizations, or the ones not realizing the risk they are in, endanger themselves and their connected partners, and they think the joke is on them…

The PCI DSS (Payment Card Industry Data Security Standard) has proven to have more teeth than other government regulations. Compare these statements: a big credit card company tells a retailer, “If you are not PCI certified, you have to pay us $50,000 a month or stop processing our credit cards,” versus the GSA telling a government agency, “So you have an F in security this year, so we are cutting the budget a little this year.” One of the consequences of a government incident: the U.S. Department of Veterans Affairs breach resulted in fines of $1,000 per violation and amounted to $26.5 billion. Who paid for that? US taxpayers. T.J. Maxx was hacked and 94 million credit card numbers were stolen. Who paid? T.J. Maxx shareholders and consumers.

So where is the joke in all this? It’s not funny. But why does it take an incident to raise concerns among management and start doling out money for security and compliance? Because they feel the pain and shame of being the butt of the joke! And as Frank wrote: “maybe your users will realize that what they do matters.”

Until next time, stay secure!

Sources:

US Veteran Affairs http://datalossdb.org/incidents/289-names-social-security-numbers-and-dates-of-birth-of-26-5-million-u-s-military-veterans-stolen

T.J. Maxx http://datalossdb.org/incidents/548-hack-exposes-94-million-credit-card-numbers-and-transaction-details