Time to Change

For those who don’t follow security related news here is a quick summery of happenings over the past few months. Things are being hacked, and this is not an exaggeration. Companies such as Apple, New York Times, Facebook, Twitter, and Evernote have seen a recent increase in unauthorized remote access to customer information and login credentials. These aren’t small companies in any regards; Evernote may not be as large as Apple but still has 25 million users.

The question of how these breaches were conducted is not important compared to the question how many of the customers effected are aware of the security breaches? It’s sort of nice to be informed when I can’t access any number of my account because the company servers were compromised.

This brings up the issue of timing of the “official reports.” By delaying the report in order to collect all the evidence and not compromise the investigation is important from a legal standpoint but waiting too long and not informing the customers is also not a good business practice. It’s the unfortunate fact that the informing the user response is not always handled effectively.

When Internet clients are not putting the services they use in a position to take responsibility, nothing will get better. So stop taking your security for granted only you are responsible for your well-being. Services that you use have an obligation to protect client information. Most of the time unfortunately the security measures are up to industry standards. Here exists one of the fundamental issues; security is reactive and mostly about being able to cross out the check box on the required policy sheet. As such standard measures protect against mediocre security threats. When the bad guys are using “sophisticated attacks” it’s time to respond with sophisticated defense mechanisms.