When Internet security takes a back seat

By Terry Cutler.

Why is it that those in charge of protecting the company’s security network, that database of sensitive customer data – bank cards, credit cards, bank accounts and personal information – don’t seem to spend the money to protect it? This is a question that is baffling to those in the data protection business, and may be more baffling in the years ahead.

CEOs and Chief Security Officers (CSOs) do not always see eye-to-eye on this problem. The CEO is budgeting the overall books, while the CSO is focused on his task and can only submit his budget request. This is understandable. However, a recent survey (http://www.cioinsight.com/c/a/Security/Information-Security-Views-of-CEOs-CISOs-Diverge-Sharply-418309/) released by Core Security highlights and demonstrates this separation over the security stance of the same company, a separation that has the potential to drop a company in a “click”.

Staggering is the first word that comes to mind after a quick read of this benchmark. Only 15 percent of CEOs said they were very concerned about an attack on their network, and didn’t think their systems were under attack or even compromised. There is a large gap between CEO and CSO thinking.

Sixty percent of CSOs reported being very concerned about attacks and reported their systems were already penetrated. Yet with all the breach threats filling the news, and the dollars lost rising with each attack, or even a threat, the report unearthed that 36 percent of CEOs don’t deem it necessary to get a security briefing from a member of their own security team. It is inevitable. With large customer databases becoming the norm with big companies, the norm for hackers is to go after the company. Decide this at the board level, or decide how to fix it later, of course at a loss of reputation and customers and millions.

It isn’t fashionable to call Internet security unimportant, yet CEOs continue to scoff at funneling money in that direction. This is risk management of the grandest form. One breach can cost millions. As I have written in previous blogs, that extra money may go to training that one employee not to “click”, or maybe not?

It’s the CEO’s call.

Welfare versus TANSTAAFL

TANSTAAFL continued – A couple of comments came back – which is good! Both raised the issue of welfare being a free lunch for people – interesting question! So let’s take a step back and see from where welfare arises. Either the federal or provincial government – or sometimes both, provides financial support to those people in Canada who meet certain tests or conditions – no other sources of income, severe physical or mental or medical health issues, people with various addictions, etc.

I will not debate the political issues of whether or not these individuals are deserving of government largesse – this is an apolitical blog! With that out of the way, from where does the money come? Not government, but every other tax-paying individual in Canada – so is it “free” – no, there is a cost and all taxpayers share in the burden – but is it “free” to the recipients? Let’s consider some other issues aside from the many very serious conditions many people face who are on welfare – some of their own doing and many not of their own doing. For those living in direct consequence of their own actions (or inactions), I would suggest they are paying a very high price indeed – loss of contact with family, long-time friends, what about their self-respect, self-image and self-worth? Aren’t these things beyond price in the conventional sense?

Again, this is not a political dialogue but rather identifying the true cost of things we often take for granted – cost is not necessarily dollars and cents – but there can be, and is, a mental and emotional cost we all pay at various times. For those individuals who truly need financial aid from governments, are we really helping them if we do nothing to help them break their present cycle of life and health – and the mental and emotional stress they face 24/7?

If we accept the premise that welfare is necessary, should we then also accept that simply handing out cash or vouchers isn’t really helping people change?

Shouldn’t welfare be made into a positive experience that truly helps people rather than merely sustains them?

How do we change the image and impact of welfare? I don’t have any pat answers – and neither does anyone else – lots of theories and most seem to be based on simply adding more money to be given away rather than changing people’s lives – or rather allowing them and helping them change their OWN lives! Money is not an answer although it belongs in the mix.

In challenging economic times, everyone pays more attention to government spending and welfare is an easy (and expensive) target because in general terms, the public doesn’t see any long-term positive results – so the question becomes – why spend tax money when the problem never gets any better?

Hope these comments cause some thinking in lots of minds!

Companies guarantee our phones are secure? Really?

By Terry Cutler

Just how fast is technology moving? At lightning speed, say security specialists, and when it comes to online security it’s moving too fast. We cannot keep up. The example is our growing use of mobile devices. In today’s world of business the Smartphone is fast becoming the gateway to sales and customer communication and operations. These mobile devices also double as the tool for personal banking, social media and emails.

According to several reports (http://www.forbes.com/sites/ciocentral/2012/08/16/cios-must-address-the-growing-mobile-device-security-threat/), there are now 5.9 billion mobile-phone subscribers across the world. Returning to the Ponemon Institute study (http://www.ponemon.org/index.php) I referred to in my last blog, six out of every 10 cyber-security breaches can be linked to our mobile devices. Mobile device intrusions have increased by 155 percent. The speed at which mobile breaches are occurring, according to the study, has increased to 3,325 percent over a seven-month period in 2011.

How does one control how corporate Smartphones are used? Let’s start with knowing what applications are being installed and operated by the users.

But our phones are secure, right?

Why would such reputable companies develop and mass-market unsafe products? The product itself may be somewhat safe, but the apps and other device products that are for sale are out of the control of the main manufacturer.

The Android Market, BlackBerry App World and Apple, reputable as three leading business companies, all present themselves as safe, but outside products, or third-party products, may have malware that could wreak havoc on a Smartphone.

Consider that almost one third of the applications available from the Android Market or Apple App Store require access to users’ location data, according to the App Genome Project (https://www.mylookout.com/appgenome/), an effort to help keep mobile phone users secure.

Briefly, the App Genome Project (AGP) is an ongoing project that has scanned nearly 300,000 free applications, and mapped out nearly 100,000 applications available in both Android Market and the App Store.

The list of apps available seems endless. The project reported that the number of apps available on the Android Market increased by a whopping 127 percent since August 2010, while the Apple App Store grew at a rate of 44 percent. It is interesting to note the numbers for one reason: if the growth rate continues at the same pace, the Android Market will have more apps than the Apple App Store by Christmas of 2012, the project estimates.

Next week: “Mr. CEO you’ve been hacked! Now What?”