02 Apr Cisco Annual Security Report Warns of “Delusions About Cyber Security”
The idea of corporate management being delusional about the security of their networks seems almost laughable given the state of the recent successful cyberattacks against companies such as Home Depot, Target, and even Adobe. Yet the network giant Cisco reports that management believes that their networks are secure. Investigations into the security processes as major corporations show that many of the critical software updates to programs such as Microsoft’s Internet Explorer have not been implemented, and about half of the study’s respondents admit to installing security patches necessary to keep the network safe.
Consumers at Risk
One often-preached business axiom is that they key to a successful business is to make sure your customers are the number one priority. But with management having the idea that their systems are secure when in fact they are not puts the very heart of their business at risk. It is important to note that the continuing assault by hackers on company networks has compromised the data of millions of consumers over the past few years. The question is whether it is an issue of ignorance or complacency.
There is little doubt that corporate management has studied consumer response in the light of the aforementioned data breaches. What seems to be true is that while there was an immediate negative reaction to the events, many customers returned to their usual buying habits and essentially forgave the companies for their lack of effective security.
Since this happens to be the evidence, the delusional state of corporate management can be understood. The rule seems to be that if it isn’t broken, don’t fix it. While the network security may be broken, what doesn’t need to be fixed is the company’s profitability and bottom line. Consider Adobe, whose massive data breach exposed the unencrypted passwords of millions of its users. Their ace in the hole is that video developers and much of YouTube requires the Flash add-on module or the Flash Player to be installed in order to watch most videos online. In other words, the consumer needs Adobe more than Adobe needs its customers. From the perspective of computer security, this is only bad news.
Nobody seems to know what it will take for consumers, who provide a continuous stream of personal and shopping information for companies such as Google to profit by, to start demanding that companies be made accountable more to their customers than to their stakeholders. This is why there is such a disconnect between the perception of security and the unsettling reality that defies the perception. Until there is a demonstrated need for companies to take care of their existing customers instead of chasing after potential customers, it is likely the status quo of delusion will reign in corporate offices.
One point seems to have been missed in the discussion of computer security and consumers. The hackers rarely are after corporate data. That is usually reserved for governments who are seeking military or financial secrets that will be of immediate use. The majority of hackers are after the personal data and financial access of the average consumer. Corporations have insurance against such losses. Consumers are exposed and do not have the resources necessary to recoup any losses.
A corporation’s identity is well-known, as are its methods of operation. Consumers try to keep their business and financial affairs private as much as possible. It is ironic that people are required to surrender a host of personal information to access business and consumer services, while companies are able to hide in a pile of forms, paperwork, and legal processes. It is no wonder there is a disconnect between company and consumer when it comes to security.