Here’s a shocker: We’re At Risk Because Nobody Really Cares About Cybersecurity!
I recently completed a risk assessment for an organization, and I am waiting to present the findings, but as I was describing this to my girlfriend her response shocked me: Nobody cares! At first I tried to convince her people did indeed care, but to no avail. I realized a cold hard truth as to why so many organizations are getting hit (again, and again): while Information security professionals do care a great deal about security, and many other key people in organizations also understand and respect the cyber-threats: a large proportion of people, and organizations on many levels don’t care, and are just checking off the boxes that they’re running anti-virus software.
People are busy, people don’t understand and are stressed out by the complexity. I believe that many are so overwhelmed, and stressed out by the information overload that they don’t even respond to any non-critical events. This is bad-news for the prospects to stem the tide of all the successful attacks which are making it look so easy.
The fact is that the Internets functionality has far outpaced it’s ability to create secure environments. One issue I see is that the protocol that the Internet is built on http was never meant to be secure, thus https was created as an after thought. In fact I would venture to say that most web-sites could be successfully breached by hackers of only moderate ability.
So where does this all end, how does the story play out. Unless those on the front lines, and not just those who work at companies develop new behaviors and mindsets, the headlines will continue, and not in a good way. Sadly many of those hit in the smaller company range might not even report their losses when their bank accounts get attacked, and they are put out of business.
I believe each of us individually does have some responsibility to try to be more secure, and help each other more in understanding the implications of our current technology behaviors.
Together we can make tomorrow more secure.
PS: You can check out some more information about keylogger programs which can cause your bank account to be drained right here: