Saturday04 February 2023

The State of Data Security is Unlikey to Change Unless Consumers Demand It.

Reading time is around minutes.

This morning as I was cursing through the internet news sites I noticed a trend. I saw multiple articles about the state of security all of them claiming that the bad guys a winning or lamenting about the increase in cyber-attacks. Both of these themes are very true, we are seeing an increase in the number of attacks per day (in 2012 it was roughly 1 per day) and the “bad guys” seem to be able to penetrate security with ease. So if this is the case, why do we see more and more efforts to move data and services into the cloud?


Now this is not just a rant about the cloud, but it is a question to the companies that continue to push their services to the cloud without making sure they properly protect themselves. The list of companies that have been breached in the last 12 months is staggering as is the fact that roughly 110 million people have had their personal accounts hacked and information stolen. On top of that, thanks to all the breaches of large companies like Adobe, LinkedIn etc. around 432 million accounts were compromised. To call this state shameful is an understatement of epic proportions.  

Yet for some reason (sarcasm intended) we still hear about how moving our data to new cloud services is perfectly ok and how this is the proper evolution for services including the potential for cloud based operating systems. If these companies are not capable of protecting current services why in the world should consumers put their trust in any new services? Of course some of the reasons that these practices continue is that people are not pushing back in the way that they should, these breaches are so common now that it has become part of the background noise for them. During the Target breach I heard from multiple people that they were affected and yet there was no word of not shopping at Target in the future or any other consequence for that incident.

Consumers and corporations are allowing this trend to continue. Apathy on the part of the consumer, it is just another thing they have to deal with. Oh look, company X was hacked, time to change my passwords again.  In the corporate world it is something else. What this something is, is harder to define. In many case the company in question hides behind fiduciary responsibility and delaying important updates and fixes simply because they do not want to spend the money at the time. There is little to no money put aside to perform updates/upgrades or replace hardware dynamically in the event of a breach. So instead many companies buy insurance to cover themselves monetarily, just in case. You would think they would want to put that money into more proactive protections, but this is simply not the case in many modern corporations.

One very important thing to remember is that success breeds boldness. When a simple hack gets you access to a wealth of data you are going to try it in other locations. It is also widely known that corporations take far too long to react to a breach at another company (if they do anything at all). There are still sites that are vulnerable to the heartbleed bug and many others that run outdated and vulnerable versions of code despite the increasing number of successful attacks that happen per day.  In reality we are likely to see an even greater increase in hacks and breaches until something upsets the current status quo. It is not likely that corporations will change as they do not see any loss in revenue. We know the hackers are going to keep at it, so it is up to consumers to demand more from the companies they entrust their data with. Make them realize that there is a potential for lost revenue and lost customers when they allow things like this to happen. Fiduciary responsibility should not trump a company’s responsibility to their customers and to the consumer’s right to feel their personal information is safe.

Tell us what you think in our Forum


Last modified on Thursday, 29 May 2014 14:28

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.