Over the last few months we have watched as the Anonymous Collective (or movement if you want) has shown how little thought is put into the security of your data. This ranges from banking data to credit card information and even the data that is collected by social networking sites like Facebook. The level of incompetence that has been shown in many of these cases is sickening. What makes this an even bigger slap in the face is that many of these companies cut their IT budgets (or outsource) first when things get rough. This shows that they just do not really consider security an important issue and that the loss of your information is an acceptable risk in terms of potential profit and loss.
Maybe what is needed is a liability law that holds these companies accountable for the protection of your personal information. Make them financially responsible not only for actual damages, but also for potential damages from this type of theft. We are willing to bet that if this were the case we would see security become a bigger priority.
To see the sad state of security, just look at the recent discoveries. Flaws were found in the SCADA (Supervisory Control and Data Acquisition) hardware that is used to control vital infrastructure services like power, water and gas. These devices were not only connected to the open internet (sometimes with no firewall), but many of them were still using default passwords which could be found using a search engine!
On top of that we are hearing that many medical devices use unprotected wireless connections to allow for firmware updates. How on earth could anyone build a life-essential device with no security? I am seriously at a loss on this one. I am not a big fan of lawsuits as I consider them counterproductive and often frivolous, but this is one time when I think we need one. The company in question here should be accountable for covering the cost of the device and everything that goes into replacing it (the surgery, hospital stay and rehabilitation).
Instead of fixing these items or making laws to hold these companies accountable, the current governments try to point the finger at the ever-looming Anonymous threat. This is pretty odd considering that the SCADA issue has been public knowledge for more than two years without an Anonymous attack and the open wireless of medical devices (including many that are used in hospitals) has also been documented.
As technology advances we have to keep pace with security needs. We are aware that many government agencies would not be happy with secure devices (it makes monitoring so much harder), so there is not only the cost-saving incentive, but that Big Brother incentive as well. Still, this is an election year and the incumbent congressmen and women are sure to see some rivals that will pledge to deal with this. Before you jump on the bandwagon of someone preaching privacy and security, give them a thorough check and make sure they understand the real threat and the technology involved before you put them in office. If they do not, then they will rely on the same people that are pushing dangerous laws like SOPA, PIPA, CISPA, ACTA and countless others.