ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here:

Security threats Toolkit

Story: Wi-Fi hack caused TK Maxx security breach

Posted by: Arthur B. (Saturday 12 May 2007, 11:08 PM)

Issues like this

will happen over and over again until immediate realistic liability by law is introduced and enforced throughout the entire chain involved.

Bad security is mostly never a single entity fault. Usually a whole chain is involved with plenty of room for pointing blaming fingers. There's also the market attitude, whole generations out there that don't have the first clue about what's involved with security. Poorly educated in that area but worked their way up to decision making of advising level nonetheless. No-one will force the solution that's secure but customers and end-users won't swallow or can't get wrap their poorly security wise minds around. User friendliness and "functionality" is still chosen above security. Also because most of the stuff in use out there is insecure. For instance, WEP is still a de facto standard out there. And USB. Why?

With hindsight plenty of people demand security. Are even willing to give up privacy and other rights. But ask them to give up WEP, USB, Windows and such and they refuse. You can't have it both ways. You can't smoke and be guaranteed to not get long cancer. You can't drink and be guaranteed to not get liver problems. You can't eat fat and sugar all the time and be guaranteed to not die early. You can't use IT stuff that you can buy in any store and be guaranteed IT security. In short, you get you what you pay for. Shape up or shut up. Either put in the effort beforehand or deal with the consequences afterwards. It's as simple as that.

Reality of life is that if you ask a question to any vendor, advisor, expert, decision maker, etc, you're likely to get an answer that will differ from the answer you would get if a huge contractual penalty clause is involved. Problem is that most are not in the position to introduce such clauses in realistic ways.

The real issue is that IT holds a very unique liability position in today's world. They can practically say or do anything and get away with it, or slightly damaged (but still way below their profit margins). For the record, Microsoft is not alone in this. Somehow I can't blame them for milking that all the way business wise but I blame them for not taking their social responsibility. Again, you get what you pay for. And if you pay for what you're told then, boy, you will be milked. Big time.

To sum it up: "they should have" is a much too simple conclusion. That's symptom fighting with hindsight. The trick is to solve causes beforehand. No-one will put in the effort to reach real security market wide until fingers get tapped real hard and people get educated.

Thing is that real security is not on the corporate and political agenda. And even if it is, it's only about fighting symptoms, PR, power, control, votes and such.

View complete profile

Send private message

View all posts