Writing for the Sunday Morning Herald, the technology and marketing journalist Lia Timson captured the growing sophistication of cyber criminals and their remarkable chutzpah really rather well. It’s turning the industry inside out, upside down and then taking it for another rollercoaster ride.
“People tend to think of computer crime as a technology exchange – connections, bits of data, machines talking to other machines, credit cards cancelled – no real victims, no major harm done,” she noted.
“But what happens when it takes place under your watch? When you are the one in charge, responsible for not only the security of your own organisation and its reputation, but ultimately that of your clients – major corporations, government agencies and defence contractors too?”
This alludes to major hacks experienced over the last few years by RSA, a global security company; DigiNotar, a Dutch-based security vendor (now bankrupt); Symantec, one of the largest producers of security software; and Verisign, the US-based provider of internet infrastructure services.
Her question is not an easy one to come to terms with, whether you’re a security professional, an organisation that hires such services, an individual and/or the provider of security systems. Why? Because we all know what kind of an impact a climate of fear can have on the human psyche – what happens in a world where no one is safe?
That security breaches occur on a daily basis throughout the globe is in itself axiomatic. It’s a crime, an illegal act, and like other acts of transgression, though against the law and punishable – and severely so – it continues to happen nevertheless. It’s part of the nature of life. We do our best to tackle such misdemeanours, to reduce the number of attacks that happen, to reprimand those who perpetrate such crimes. Of course, that’s not to say we don’t desire a world where no one would be inclined to hack, steal and pollute security systems. Of course we do. We’re just realists.
While we can accept this is the current state of affairs, we can’t take our feet off the pedal when it comes to being innovative, so that security firms can be, like Superman, made of steel and virtually indestructible (virtually, because even Superman has a weakness in Kryptonite). It’s achievable, something that we’re sure a lot of security professionals will agree with, but the major obstacle lies in how we get there.
“There’s no room for debate about the need for a paradigm shift in the way both business and government approach cyber security,” Tony Busseri, chief executive officer of Route1, a security and management company, wrote for Wired recently.
“But identifying a need is the easy part. Getting the relevant parties to agree on what to do, and getting that done, is like the proverbial sausage factory. It will take legislation, and laws that accomplish anything meaningful will require a public/private partnership of historical efficiency.”
Sometimes it takes getting hit hard, and a number of times, to signal a wake-up call. We got lazy, we were happy with the good times, everything seemed rosy. Sometimes we can only ever grow by being reactive to catastrophes. It’s tough to plan for something that hasn’t happened yet. 2011 might have been significant for disclosures about big breaches across the board and for the number of significant attacks that occurred. Let’s make 2012 the year we set a new standard.