- October 29, 2018
- Posted by: Normand Brien
- Category: Business Intelligence, Information Security, Threat Protection
Another disastrous year from the “custodians” of our information. The constant leaking of personal information from all business segments is now an everyday occurrence. There’s so much proof that developers and technology providers are not taking the time and effort to adhere to security standards and compliance. Nothing is sacred – it’s time to harp on the fraudulent inefficiencies and the disruptive impacts of meager designs in applications and operating systems used across diverse platforms.
It’s unimaginable and frustrating that we can’t overcome the increasingly complex and targeted assaults on our business and consumers’ data. While the IT security industry remains understaffed and overwhelmed, dangerous new strains of malware continue to intrude on our privacy. For what seems to be a long-term threat, the outlook will remain bleak.
Some Very Ugly Truths
Face it, there is no silver bullet! There isn’t one available solution in the market that meets all the prerequisites to protect information that flows in and out of an organization; there are too many variables, and that is one reason why an information security solution is expensive.
Forgive the cynicism – it’s time for businesses and households to step up the rhetoric and demand more from those who gather and use our information. The continued progression of ill-defined application and system software designs, alongside the glut of new devices pushed to market, can no longer be tolerated. It comes down to two core issues: the lack of preparedness to place a solution into the market, and the deficiencies in the product development lifecycle practices of these “gatekeepers” of our data.
Need evidence? Look at these stats and charts from 2017; last year’s rate increased more than 44% over 2016. These specific businesses wrongfully impacted more than 2 billion consumers through breaches that stole Personally Identifiable Information (PII) (credit cards, emails, social security data, drivers licenses, etc.). So far in 2018, close to 800 million consumer records have been breached according to this report. Year over year, the number of breaches and of consumers impacted nearly doubles. From a business survival perspective, why haven’t they/we learned from the previous mishaps, and why aren’t we ahead of the problem? We’re all too familiar and fed up with the media barrage about company breaches of our personal information. It’s so commonplace now; what’s a business to do? How much more should the consumer put up with such an atrocity?
You can’t be convinced or have any gratification that your information (scattered across the globe) is tamper proof; never mind that enterprise leadership has taken any ounce of accountability. When it comes to developing and implementing compliance standards or practices (ITIL, CoBIT, GDPR, etc.), it becomes an overwhelming task to engineer comprehensive solutions.
Supposedly all businesses hire compliance managers to effectively develop and monitor internal policies and regulations. If those represented in the list of breaches had solid performers in this position, governance wouldn’t be the issue.
So many “experts” with specialized solutions – the information security industry is overly saturated with specialists who vow to protect your data, and that is compounded by the lack of a sustainable “one size fits all” solution. The other dilemma? The stewards or “guardians” of our information fail to report timely and accurately about the events surrounding a breach. Who do you choose to work with? Which cost-effective solution has the higher probability of ensuring the data is secured?
Why do organizations that breach information wait for months (even years) to reveal details of a disaster? Periodic reviews of corporate policies and business practices about communication methods, together with audits of security practices, should clarify whether changes are warranted; after all, it’s about the customer.
It’s apparent that board rooms and senior management are overwhelmed and contend with competing priorities that require steep budgets and realistic strategies. The obligation to protect corporate assets such as customer data should be a “priority one” initiative.
The biggest flaw with these solutions is the inadequate designs and the testing methodologies that are obviously not applied. Case in point, this recent posting outlines what Microsoft is (or is not) doing behind the scenes. The push to production is too reckless, lacks governance and does not consider key processes like application design, unit and system testing techniques, or product integration requirements. The impression is a “time to market” philosophy rather than a quality deliverable.
When security watchdogs announce there’s been a breach, there’s a rush to the presses, with plenty of fanfare and eagerness to be the first to report. Yet, have you noticed that these announcements do very little to hold these organizations to account for their back-office practices, behaviors or lack of accountability?
Credit bureaus are having a field day, because the only solution offered by those organizations that have been breached is credit monitoring. I think I have 4 or 5 active monitoring agencies now that are observing my PII from the last few years. Unfortunately, what other options do you have? On top of that, because of their ineptness, you must take matters into your own hands to change your credentials.
What Lies Ahead?
On the personal level, consumers should review privacy settings on all desktop and mobile apps. Anything currently open to the public should be restricted to friends or personal connections. There are numerous online resources to guide you.
When conducting business or pleasure online, know how to “surf responsibly”. You would be surprised at the tips the FTC offers for managing your personal networks, devices and online interactions. A good site to bookmark.
Business administrations should read and discuss the findings from this report, which addresses three “areas of impact” for the future of online interactions, categorized as: Digital Divides, Personal Freedoms and Rights, and Media and Society. It is expected that governments’ role will increase due to the surge in threats. This website and its reporting drill down into the strategies and recommendations that organizations should consider moving forward.
More importantly, those who customize and sell technology solutions must realize that they are further endangering the way we conduct business. Serious conversations and actions at senior levels must interrogate internal practices to defend against threats. Product lifecycle routines must be rigid and must ensure integrity between developers, integrators, and suppliers.