Ramblings of an old Doc

In the wake of LulzSec, Anonymous, AntiSec, botnets, phishing and malware, etc., etc., etc., I’m really feeling that the system has let everyone down.

I don’t mean I need someone to make the playground a safe place to be in. I’m the first to acknowledge that I am responsible for my computer and browsing habits.


I mean that I expect companies, agencies, corporations and IT professionals to take things seriously. They need to protect what we trust them with.


Instead, we get a “disclaimer”, which absolves everyone from the software writer to the CEO, company, agency, etc. and leaves you without recourse.

Well, that’s not good enough when some criminal makes off with your life’s savings and identity.

You might be taking every step you can or can afford to take and be completely responsible, yet at some point you’re dependent on others to do their jobs.


I’m saying this is not an “Act of G-d” which no one could anticipate and prepare for. IT professionals can, do and are capable of making tremendous contributions to Information Security. They do more than fix computers and keep networks up and running.

More: They deserve respect. Their jobs require CEOs and others (co-workers) to take them seriously. I don’t think they receive it, and I don’t see the attitude “I can’t be bothered to understand, know, do and be responsible for security” as being helpful or useful. Further: Everyone in a company, agency or corporation is responsible for keeping security policy.


So what’s the answer? How do we get out of this mess? I don’t say there is one, and I don’t claim we can. I do say we can try a lot harder.

I’ve just read in PCWorld that 90% of companies in a recent survey say they’ve been hacked. Worse, 50% said they’d been hacked twice or more.

That’s insane!

I believe someone has to establish, set and require the standard. I also believe that's part of the IT professional's job. Also, nothing less should be accepted or required from those who decide to require sensitive numbers and data from others. You see, there’s an ethical and moral responsibility (as well as a legal one) which no “Disclaimer” should be allowed to invalidate, except in the case where the company, corporation or agency has met or exceeded the required standard.

I believe in the IT people. They should be able to do their work and be heeded.

There also need to be really significant “deterrents” for criminals.

No claims of the victim causing it should be tolerated. If there is negligence, there’s liability. Yes, liability.

It’s laughable, but liability attorneys might be the very solution we need. That’s because said agencies, etc. have one thing in common: Enlightened self interest.

They don’t want to have to explain to the shareholders why they screwed up and lost them money. Sony and Dropbox are finding out about that now. There are suits in progress.

Also, it can be made abundantly clear by serious CEOs that either you learn and do it correctly or you’re gone.


Sources:

http://www.juniper.net/us/en/local/pdf/additional-resources/ponemon-perceptions-network-security.pdf

http://www.pcworld.com/article/230937/survey_90_of_companies_say_theyve_been_hacked.html

http://arstechnica.com/tech-policy/news/2011/07/will-your-employer-get-sued-for-your-security-screw-ups.ars


Comments (Page 2)
on Jul 05, 2011

DrJBHL
Was. I believe IT specialists, if heeded and allowed to make data secure, can do it.

I do not believe they can. Many hacks are through social engineering, and as long as you have people with access to data, you are going to have hacks. I think more care can be given towards securing the data, but you are not going to eliminate data breaches no matter the security. The only way to make it 100% secure is to deny all access, but then the data is worthless.

on Jul 05, 2011

The hacks can be prevented for the greatest part by people following rules. I think OS's have weaknesses that need addressing, part of that is by establishing rules like no facebook/private-non business related email/im'ng on company computers. Is that perfect? No. But if people are allowed to do those things on company computers, then breaches are very likely to happen. If people conduct their private business on private devices, then the company/agency will be safer. You'll agree with that, I'm sure.

I also agree with you that nothing is perfect, but things can be a heck of a lot better than they are at present, and I think IT Pros can really make huge improvements to the current state of affairs if they are listened to.

on Jul 05, 2011

2 find again

on Jul 05, 2011

The IT professionals, well, are the professionals. Reading this thread has enlightened me. I really thought IT supervisors and officers had a lot more influence in corp life than they apparently do. That's a sad state of affairs.

on Jul 06, 2011

DrJBHL
The hacks can be prevented for the greatest part by people following rules.

Agreed, but social engineering relies on the fact that people are not machines and not perfect.

DrJBHL
I think IT Pros can really make huge improvements to the current state of affairs if they are listened to.

Ok, Dilbert. (Like that is going to happen in our lifetimes.)

on Jul 06, 2011

ElanaAhova
The IT professionals, well, are the professionals. Reading this thread has enlightened me. I really thought IT supervisors and officers had a lot more influence in corp life than they apparently do. That's a sad state of affairs.

The IT dept where I work seem to call all the shots when it comes to how data is collected and stored.

on Jul 06, 2011

Dr Guy
Ok, Dilbert.

That's 'Doc'-bert, Dr Guy.
