Time to Change
For those who don’t follow security-related news, here is a quick summary of what has happened over the past few months.
Things are being hacked, and this is not an exaggeration. Companies such as Apple, the New York Times, Facebook, Twitter, and Evernote have seen a recent increase in unauthorized remote access to customer information and login credentials. These aren’t small companies in any regard; Evernote may not be as large as Apple, but it still has 25 million users.
The question of how these breaches were conducted is less important than another question: how many of the affected customers are aware of the security breaches? It’s sort of nice to be informed when I can’t access any number of my accounts because the company servers were compromised.
This brings up the issue of the timing of the “official reports.” Delaying the report in order to collect all the evidence and not compromise the investigation is important from a legal standpoint, but waiting too long and not informing the customers is also not good business practice. It’s an unfortunate fact that informing users is not always handled effectively.
As long as internet users do not hold the services they use responsible, nothing will get better. So stop taking your security for granted; only you are responsible for your digital well-being. The services that you use have an obligation to protect client information. Most of the time, unfortunately, their security measures aren’t up to industry standards. Here lies one of the fundamental issues: security is reactive and mostly about being able to tick the check box on the required policy sheet. Standard measures protect against mediocre security threats. When the bad guys are using “sophisticated attacks,” it’s time to respond with sophisticated defense mechanisms.
Digital Food For Thought