Becoming desensitized to security breaches

Are you there yet?

Does news of the latest corporate data breach resulting in thousands of stolen identity records no longer shock or distress you? Today when I looked my news feed I found not one, not two, but three reports of hackers breaking through corporate firewalls to steal data. No offense to Scottrade, Patreon, and Experian, but when I glanced through the list of breaches my first thought was that this was just a normal week. It wasn’t too long ago that I felt both outrage and worry after personal information was stolen from Target, Home Depot, and Anthem. But now it feels like this is the new norm. I don’t like the new normal. Why can’t all these thieves channel their energy and intelligence to do good for the world?

Invisible theft.

Stealing data is not your father’s crime drama. It’s invisible theft. Maybe that’s the paradox of cyber-theft. Data that is stolen still resides where it was stolen from. The game is played by looking for evidence that someone was in data store room. Combine this with the fact that most high tech theft takes place through methods and procedures that the vast majority of people don’t understand (and don’t care to understand). In a word, it’s highly sophisticated and complicated. Breaches often involve complex mathematical calculations used in cryptography and coding algorithms. Intelligent criminals, but not smart criminals.

The data breach economy.

Look around. An entire economy exists to establish, audit, monitor, and teach security standards and best practices. In 2013 Forbes reported that the IT security industry traded around $60 billion dollars in products and services. It was expected to grow tenfold in ten years. I see the effect of this industry every day in my seat managing an IT group. We are expected to comply with a dizzying-array of security controls. We buy software and hardware appliances that will protect us from theft or at least make it more difficult. Salesmen cold call me each week selling security products. “The cloud” is touted by marketers as the safest place to put data (really??). People are employed full time to audit security controls and force compliance. It’s a lucrative business riding the coat-tails of criminals! For the rest of us we have no choice. Non-compliance with security controls means you lose a seat at the table to compete for customer contracts and business.

Yet here we are.

Despite all the people and investment thrown at making us more secure, it feels like our data and personal information has never been more unsecure. The bad guys have access to see all the controls and best practices too. Some of them prey on that list by taking advantage of those of us who fail to do the basics. Other more sophisticated criminals invent new ways to go around our defenses. We know the merchants that we shop, the financial institutions that hold our money, and the medical providers that keep us healthy are not 100% secure. But we shop, bank, and receive medical services anyway.

Like I said. I’ve noticed that I’ve become desensitized to all this theft. But I don’t like it. Discipline and vigilance are necessary actions. Keep your guard.