Unless we can reduce the acceleration of breaches to zero, and then begin decelerating, the situation will obviously continue to worsen. And the most disconcerting aspect of this situation is that there is nothing on the horizon to suggest any potential improvement, at least in the private sector. Information security is being given even shorter shrift, with a priority far below many other items on the national agenda. Perhaps it is understandable, but it is not acceptable.
We information security and technical and operational risk professionals need to make a better case. Our hopes were raised by the Obama Administration’s request for a 60-day review of the state of cyber security. Well, the deadline for submitting the report was met weeks ago, but we are still waiting to see the expected watered-down report. If it was as important and urgent as it was made out to be, why the delay in making the findings public and acting on them?
The truth of the matter is that those in power appreciate neither the current cost nor the potential damage of security incidents. They can perhaps recognize that there could be a problem, but do not think it serious. As a tech-savvy attorney friend of mine would often say, “Lawmakers believe that computers can do anything at zero cost in zero time.” This misguided belief militates against investing in correcting the problems.
