Tuesday, January 17, 2012

Zappos and Other Hacks

Zappos was one of several online vendors hacked this week. The company claims that only personal information, like the names and addresses of its 24 million customers, was accessed, and not credit card data. Right.

6pm, another online retailer that happens to have my account information, was also hacked and claims that ‘only’ personally identifying information was accessed: the names, addresses, last four digits of the credit card numbers and passwords of its customers. The company assured us that our credit card information had not been accessed.

Well, whoop-de-do... Individuals don’t seem to care much about their data, where it’s stored, or whether it has been compromised. After all, they’re already on all sorts of mailing lists, they get spammed from every direction, and they’re called constantly and barraged by an endless stream of advertising. We rightly assume that the law protects us from credit card fraud and individual data breaches. So the fact that our credit card information hasn’t been compromised really isn’t a big issue, is it? After all, our liability as individual consumers is capped at $50, and even that is usually waived by the credit card company in these situations. The real issue is much, much more serious.

While vendors go around touting cloud computing, every day we hear of large-scale hacks of e-commerce providers, governments, cloud computing vendors and academia. What could Zappos or 6pm have done differently? How is it possible that the CIA, NATO and Stratfor have all been hacked?

The crux is that security is mostly a reactive endeavor. There’s only so much that can be done prophylactically. The grand plans that many security vendors market may sound sexy, but they will always be a step behind the bad guys conspiring to breach your systems and steal your data. That’s just the way law enforcement and security work. The best you can hope for is to have a good structure in place for responding to threats when they materialize, and a team that can assemble both to quash the breach and to anticipate future threats.
