Yes, security is and always has been a big deal not just tech-wise but otherwise in all areas and facets of our economic and personal/social lives. I worked in the security industry for almost twenty-five years and retired as a GS-11 Security type in 1998 so I have some sense of the need and critical use of security necessity.
The problem in security outside of industries and disciplines that take it seriously for both … wait for it … overall security needs but also to the ramifications not just monetary as to budget but to possible economic, security and survival reasons. This is also why folks who applaud persons like Snowden don’t realize or understand what it means when someone goes outside the security and classification arena to express their emotionally ignorant beliefs on what they release.
Once again, private industries who gather our data and fail to apply good solid security to protect it has failed miserably, i.e., now Yahoo has not just once, but twice, failed its customers with horrible security.
In the tech-revolution we have made our selves and conditioned our society to depend heavily on technology such as cloud services, data mining and data brokerage, etc., but in ignorance.
Listen, in business one of the main departments that hardly ever show profit is the security side of the house as well as the administration side although this side has support services that can be seen readily as beneficial. Security tho, is often treated as the bastard child because it does not show profit and benefit … wait for it … until … security breaches rise up and slam them in the throat. So, often security is given lip service and most gamble that they will never have to lose money and profit if some security is breached.
Now, in our modern tech-revolution the fact that predatory actions happen in milliseconds because of the speed and wide coverage of data by the Internet and Iot or Internet of Things means that security breaches can happen instantly, surreptitiously and often undetected until some person/customer or other mindful person notices something hinky going on … usually months to years after the fact. This is just not good.
Then there is this, “Must be first” mentality found in the industry where software, apps and other bells and whistles have to be pushed quickly out into the wild to keep ahead of the competition and keep the board members fat, dump and happy with profits. This means something has to be set to the back burner so the product can be put out there fast and FIRST to gain advantage and edge against competitors. Security is often at the top of the list and properly mind-state QA testing especially in regard to security is second on that list.
One huge reason this continues even in the face of the new money industry of data brokerage is there are no repercussions of note or significance to drive the business toward making and developing proactive security measures, postures and software. There is only one motivator of value to them, money! Hit them hard where they hold profit and make it significant enough they won’t just assign it as “part of business” so they are hurt and they suffer on the profit side when security is found - lacking and vulnerable.
This brings up our current security posture in the tech area, we are much like the police in this country who are conditioned to react over being proactive in serving, protecting and to safety of our cities, counties and country. The minute you become reactive to any dangers or situations where grave harm can and does occur along with potential violence you are behind the curve. You have to be proactive and there is no reason why the industry cannot become proactive in security after all the “Dark Web” of nefarious evil-doers are proactive not just in their own security but in their methods of attack as well such as viruses and phishing efforts.
No wonder Yahoo got whacked, they were complacent in their efforts to secure things properly and they got by for a lot of years but now that the predators of the dark web have such instant ways to garner resources and effect, if they wish, effect nefarious processes against anyone, anywhere and regardless of the physical securities out there such as police, neighborhood watches and home security systems (not going to start on this one since this product is now connected by the IoT, arghhh).
It is time to require and enforce security measures at all levels of the technological industry and it is time to make the profits gained from such efforts as data mining to the data brokerages less profitable without adequate proactive security measures.
Speak up to your representatives and let them know that you are tired and not going to put up with it anymore, you want adequate security measures at ever level of the industry possible from the IoT’s to your accounts and especially to your personal data. It is also time for us, the users, to take up our own personal responsibility in our own Tech-Sec (Technological Security) by learning about how security is breached and what personal actions we can take to support and reinforce our own security of data, etc. It is our responsibility as well as the industry, don’t buy or use any tech until you are assured of its security and remember, just like todays news media you have to fact-check, i.e., in other words seek out information as to the validity of such security measures such as reading KrebsonSecurity site.