There are solutions, but they can be wildly expensive. The Russians went back to typewriters, stores that never computerized are unhackable...
That's related to one of the things I've been thinking about. Have we become overly high tech with too many things? I don't remember hearing about hacking in 1995.
What's the solution to this? There doesn't seem to be anything foolproof for preventing this.
There are solutions but they require a good IT team and more money than the average company is willing to spend in software and hardware. I also wonder how often these are really the work of hackers rather than internal employees simply selling off the data. It seems to me that I would rather craft a story about the former happening than the latter.
You just proved my point. The failures are typically human, not a failure in their processes or policies.
A company with thousands or tens of thousands of employees can't guarantee that each and every one of those people will have the security of your personal data high on their priority list. It's not reasonable. What they can do is develop policies and procedures that reduce the risk of exposure as much as is practically possible. And honestly, what more can you ask them to do? You're a techie guy - what solution do you have that guarantees to eliminate the hacking of all computer networks?
And therein lies the issue. There are no guarantees in life.
But one of the biggest issues today with regards to information security is in the lack of security roles within leadership. I've been in InfoSec for over 15 years, and it's only within the last 7 or so years that you've started to see a change. I believe it was recently reported that both JPMorgan and Target did not have anyone in a CSO/CISO role. So it's no surprise that perhaps some of the security needs were probably overlooked. They didn't have anyone responsible for them.
And for most organizations that may have a CISO or Security Director, they probably report up the IT chain. Which can be a conflict of interest. And I still see some companies where the IT head actually reports to the bean counter (CFO).
Again, this is slowly changing. But until you have leadership that can commit solely to risk/security, these breaches will continue to be normal occurrences.
Well said, macroy. Turf wars in the boardroom are constant in business. Beancounters and COOs will fight tooth and nail to avoid losing ground and influence. Only when a security director reports ONLY to the board will they have the clout to plug holes.
11-10-2014, 09:19 AM
i7pXFLbhE3gq
Quote:
Originally Posted by NHDave
And many companies take the stance of, we'll worry about it if it happens. They fail to do proper auditing or evaluation, fail to encrypt critical data, fail to keep servers updated/secured. People don't learn from other people's mistakes. There are plenty more breaches to come.
The apology statements that always come after a breach claiming that our privacy and data security are of the utmost importance to them are nothing but a joke.
Pretty much this.
Home Depot failed to take basic security measures for years. They even put a guy in charge who, after being fired by his former employer, sabotaged their network. He's now in jail for that stunt. He also once offered up this little gem:
"I love to write and distribute Viruses." - Home Depot's former senior IT security architect
I don't think that it's that hard, frankly. Apple Pay's model in which the merchant sees a specific transaction token rather than a general credit card number is a great solution. The merchant never, ever sees the credit card number and that number is never transmitted.