A Business Technology Place

Becoming desensitized to security breaches

Are you there yet?

Does news of the latest corporate data breach resulting in thousands of stolen identity records no longer shock or distress you? Today when I looked my news feed I found not one, not two, but three reports of hackers breaking through corporate firewalls to steal data. No offense to Scottrade, Patreon, and Experian, but when I glanced through the list of breaches my first thought was that this was just a normal week. It wasn’t too long ago that I felt both outrage and worry after personal information was stolen from Target, Home Depot, and Anthem. But now it feels like this is the new norm. I don’t like the new normal. Why can’t all these thieves channel their energy and intelligence to do good for the world?

Invisible theft.

Stealing data is not your father’s crime drama. It’s invisible theft. Maybe that’s the paradox of cyber-theft. Data that is stolen still resides where it was stolen from. The game is played by looking for evidence that someone was in data store room. Combine this with the fact that most high tech theft takes place through methods and procedures that the vast majority of people don’t understand (and don’t care to understand). In a word, it’s highly sophisticated and complicated. Breaches often involve complex mathematical calculations used in cryptography and coding algorithms. Intelligent criminals, but not smart criminals.

The data breach economy.

Look around. An entire economy exists to establish, audit, monitor, and teach security standards and best practices. In 2013 Forbes reported that the IT security industry traded around $60 billion dollars in products and services. It was expected to grow tenfold in ten years. I see the effect of this industry every day in my seat managing an IT group. We are expected to comply with a dizzying-array of security controls. We buy software and hardware appliances that will protect us from theft or at least make it more difficult. Salesmen cold call me each week selling security products. “The cloud” is touted by marketers as the safest place to put data (really??). People are employed full time to audit security controls and force compliance. It’s a lucrative business riding the coat-tails of criminals! For the rest of us we have no choice. Non-compliance with security controls means you lose a seat at the table to compete for customer contracts and business.

Yet here we are.

Despite all the people and investment thrown at making us more secure, it feels like our data and personal information has never been more unsecure. The bad guys have access to see all the controls and best practices too. Some of them prey on that list by taking advantage of those of us who fail to do the basics. Other more sophisticated criminals invent new ways to go around our defenses. We know the merchants that we shop, the financial institutions that hold our money, and the medical providers that keep us healthy are not 100% secure. But we shop, bank, and receive medical services anyway.

Like I said. I’ve noticed that I’ve become desensitized to all this theft. But I don’t like it. Discipline and vigilance are necessary actions. Keep your guard.


I’m annoyed with hackers and cyber thieves

An unwelcomed pattern

When I decided in high school that I wanted to pursue a career in technology I didn’t think about technology security. While I earned a degree in Computer Science I don’t remember any classes on cyber security. Now, 20 years, security issues are taking over the technology profession. Help!

Now of course I know security it important. In fact, you would label me as one of the security proponents at work. I am pushing colleagues to take more security precautions than what they are used to doing. I am the guying supporting the cause of compliance so that we can continue to compete for business. In today’s world if companies don’t keep up with security measures then they will begin to lose opportunities for business. It’s not an option.

But I don’t enjoy this. I was attracted to technology for problem solving, solutions, and automation.. I like to create things and solve puzzles. Filling out audit questions on security documents and creating new security processes doesn’t fit that mold. Help!

Such a waste of talent

These criminals are smart. They are talented. It leaves me asking why people so smart can’t use their talents for good. Instead they put their energies into creating software and devices that steal and make life miserable for others.  If money is the motive, then don’t you think someone so smart could earn more money by creating legitimate and legal programs? And just think about the reduced risk of getting caught and going to jail.

The ripple effect

So what’s left in the wake of all the hacking, stealing, and destruction of property from viruses and cyber theft? An entire industry has been born which I guess is good for those that it employs. But now the average technology manager spends several hours each and every week implementing new security measures, answering security questionnaires, answering security controls for standards, and mitigating risks. Whew, it feels good to check a control on an audit. This of course doesn’t completely lock hackers out. It just forces them to find new methods for breaking into systems.

But the problem is the ripples are getting bigger. The time commitment for security compliance is growing. It’s taking away from using technology to help solve business objectives. That’s not fun for me, but I guess that’s what the criminals want.  I’m annoyed.

Thought readings 5

Each week I capture, mark, and comment on blog posts and news articles around the internet. This is short list of three links that I think others will find valuable for their thought lives.

  1. A Simple Device Diagram for Responsive Design Planning by Adam Edgerton of Metal Toad Media. This is a great resource post for development teams. It discusses screen resolutions of common devices so that teams can better optimize experiences on their solution sites.
  2. Caller ID spoofing scams aim for bank accounts by Byron Acohido of USA Today. Crime has no boundaries in the digital world. This article discusses how criminals are using cell phones and SMS to obtain bank account data.
  3. Why I am Leaving Goldman Sachs by Greg Smith published in the New York Times. A resignation letter published in the NY times by a Goldman Sachs executives is good for ratings and controversy. But I found the contents of the notice to have intellectual value. Mr. Smith compares customer focus to profit focus. The classic battle for the attention of shareholders and employees takes center stage in his piece. It’s worth your read.

Let me know what links you shared, tagged, or commented on this week.