Security Absurdity; The Complete, Unquestionable, And Total Failure of Information Security
Security Absurdity; The Complete, Unquestionable, And Total Failure of Information Security is a must-read for any information security professional. It is hard to dispute many of the findings that Noam writes about in his wonderful observations about the current state of the information security industry.
It is time to admit what many security professionals already know: We, as security professionals, are drastically failing ourselves, our community and the people we are meant to protect. Too many of our security layers of defense are broken. Security professionals are enjoying a surge in business and growing salaries and that is why we tolerate the dismal situation we are facing. Yet it is our mandate, first and foremost, to protect.
The ramifications of our failure are immense. The success of the Internet and the global economy relies on trust and security. Billions of dollars of ecommerce opportunities are being lost due to inadequate security. A recent survey of U.S. adults revealed that three times the number of respondents believed they were more likely to be victimized in an online attack than a physical crime. A recent Gartner survey indicated that 14% of those who had banked online had stopped because of security concerns, and 30% had altered their usage. People are simply losing trust in the Internet.
On an almost daily basis, I encounter questions from average users, wondering just how safe online banking and online shopping truly are. While it is easy to drop technical terms like SSL, IDS, firewall and other similar protection mechanisms, it is difficult to tell someone that those types of online activities are truly safe; safe in the sense that walking into a bank, or using an ATM, and withdrawing funds is safe.
This article is a wake-up call for all of us who are in information security related positions. I encourage everyone to read it and to truly listen to what Noam has to say.