Where Is Today's Cyber-Security Leadership?By Samuel Greengard | Posted 2016-01-08 Email Print
We need to rethink convenience. In the rush for fast and easy, we've created a massive and expensive security problem that threatens the integrity of business.
One of the travesties of the digital age is the current state of cyber-security. Nearly every article I write for Baseline and its sister publication, CIO Insight, now touches on this topic. And, if you think things are getting worse, it's not your imagination.
For example, Ponemon Institute reports that the cost of cyber-crime jumped by 19 percent over the last year alone. Annual losses to companies worldwide now exceed $7.7 million, and some companies are hemorrhaging as much as $65 million.
In addition, the lack of cyber-security also has a real-world impact on people. I recently discovered that I had become a victim of identity theft. Among other things, someone decided to submit a mail-hold to the U.S. Postal Service and then applied for two credit cards using my identity.
Fortunately, the banks detected probable fraud, and the cards weren't issued. However, I had to submit alerts to the major credit bureaus, obtain a police report, and submit documentation to the IRS and other agencies. It's been an enormous time suck, and my credit rating is now at risk.
If you haven't yet been targeted with fraud or identity theft, the clock is ticking … and the bomb will eventually go off. As a result of increasingly sophisticated malware, savvy social engineering and weak enterprise security, we're witnessing a steady and growing barrage of breaches.
The loopholes, gaps and breakdowns are frequently mind-boggling. I never knew that anyone can put a mail-hold on anyone else's account until it happened to me. The USPS requires no verification. You can also change another person's mail address if you're willing to pay a $5 fee.
Unfortunately, there is no light at the end of the tunnel. We're still using passwords—essentially digital skeleton keys—to authenticate accounts and logins.
Unencrypted data and databases are all too common. And many merchants still haven't updated their point-of-sale (POS) terminals to support more secure chip cards and mobile pay systems—let alone the far more secure chip and PIN systems used in Europe and other parts of the world.
At this point, we need to seriously rethink convenience. In the rush for fast and easy, we've created a massive and expensive long-term security problem that threatens the basic integrity of business.
We need true biometric systems, two-factor identification, chip and PIN cards, more and better encryption, and systems that use trusted location data to block fraud and theft. We also need more advanced algorithms and artificial intelligence to detect hacking and implement fraud detection.
Finally, we need some real leadership, including Apple, Google and Microsoft working with financial firms and the business world in general to create a security framework that's worthy of the digital age. The status quo simply isn't acceptable … or sustainable.