NOTE: This was originally posted on LinkedIn.
I originally intended this to be an answer to some of my critics. But after seeing Robert Herjavec’s post asking people to “debate the state — and future — of their industry,” I am going to use this to say that the state of #MyIndustry lacks leadership and is destined for failure.
I was recently asked why my commentary on information security has turned negative. Let us look at the news this industry is making:
- The U.S. Office of Personnel Management, the government’s human resources department, was hacked and lost over 21 million records.
- The infamous Hacking Team was hacked and lost a lot of its internal data and communications.
- Harvard University was hacked and lost login information that could lead to other attacks.
- The University of Pittsburgh Medical Center had its fourth breach in three years when it was discovered that a sensitive file was emailed to the wrong person and used to attack its systems.
- Retailers like Home Depot, Target, and Neiman Marcus have all been attacked.
- Sony and Skype represent companies in the technology space that should know better but were successfully attacked.
- Attacks on Anthem, CareFirst, and Premera have the potential to be as dangerous for their customers as the OPM hack. Given Anthem and CareFirst’s market coverage in the Washington, D.C. region, there may be quite a bit of overlap.
- Today, the AP reports that CVS Photo’s website was taken off-line after it was determined it was attacked and credit card information was stolen.
The Credit Union Times says that the number of data breaches in 2015 is on pace to break all kinds of records.
When does it stop?
I thought it would stop when OPM was hacked and lost over 21 million records of individuals and their families who have undergone security clearances. But it has hardly done more than raise an eyebrow. As long as the people working with computers and networks keep doing the same thing, justifying their actions by saying it is “best practice,” nothing will change.
If Albert Einstein was right in saying that the definition of insanity is doing the same thing over and over again and expecting different results, then this industry has gone well beyond insanity.
In classic political science, governments are supposed to provide common services when markets fail in those tasks. It is clear that the technology industry has failed in its ability to provide safety and security to the people. It may be wise for the industry to look at security in new ways. The alternative would be for the government to regulate the industry in a manner similar to the automobile industry of the 1960s and 1970s because right now, we are unsafe at Internet speed!