2016: A systems security disaster

With more than 900 security breaches recorded so far, 2016 certainly looks like a disaster. And the future doesn’t look good either.


This will likely make you angry. It made me livid. 

It’s a report, 34 pages long, from the Identity Theft Resource Center of the known systems breaches just this year.

Read it and rage. 

It does not include the San Francisco Metro Transit Authority (SFMTA) hack from Thanksgiving weekend, where the SFMTA had to let passengers go free through the gates. 

The Democratic Political Organizations are lumped together. There is no known number of records exposed, but this is also true for the vast majority of the breaches cited in this report. It changes daily. 

And it’s a travesty, a blindness, a breach of trust. 

Because corporations and many corporate entities have no legal liability for data breaches, not much is done. Yes, there are vast citations of how much breaches cost the corporations. Occasionally, a few execs or administrators fall on their swords or are otherwise sacked. 

But what this proves is: 

  • The U.S. government is no longer in charge of data border security. These breaches were unlikely to be domestic, although we cannot know the percentages.
  • Making laws about security is a nihilistic endeavor.
  • Personal data asset value is meaningless, viz the protections asserted yet foiled time and time again.
  • Your stuff, your personal stuff and your loved ones’ stuff is online now—and it’s for sale. Scroll through the long list of just this year’s breaches if you have any questions.
  • Political and even government functionality is at stake. Please note just these 2016 political unit breaches.
  • Cohesive threat intelligence is working for some but not for others. An inclusive mandate to share data seems like a great idea, and yes, there are ways to diligently look for strategies that keep the walls high. 

What feeds this? Is it the advent of BYOD? A failure of education? Diligence? I understand the nature of chaos and randomness, but I don’t believe in luck, good or bad. 

The internet and online business have become dominant. Few want to invest more capital and operational expense into their infrastructure because it cuts their rate of return. Paradoxically, people aren’t enraged, although they still buy online from desktops, rather than BYOD/smartphone devices. They’re helpless. They’re not tech savvy. They try to do the right thing. 

Admins try as well. But the vast variety of platforms thwarts configuration wisdom, as the superfluity of hacks on different, even diverse, platforms becomes commonplace. 

There is not one solid platform, and there shouldn’t be. Nothing is foolproof because fools are so ingenious, it’s said. Yet the real work of restructuring the internet to characterize undesirable activity obviously isn’t on the agenda of the U.S. government, and it isn’t working well for organizations large and small, viz the report.

The security future is bleak. This isn’t a reason to become depressed. Rather, we’re losing the data asset wars to the bad guys, and no one/not enough people seem to be listening.


Copyright © 2016 IDG Communications, Inc.
