I am becoming a little weary of companies that deal with consumers over the internet, or keep electronic records of their contacts, yet fail to put in place the strictest security available. Some do not even seem to operate basic prevention methods – for example the financial information services agency consultant whose laptop with social security numbers of over a quarter of a million New York pensioners was stolen in August.
One of the latest examples of blinkered internet vision is monster.com. ‘No company can completely prevent unauthorised access to data.’ That was the chilling phrase contained in monster.com's security notice to members, following the recent downloading by criminals of a huge amount of personal data from the site.
From all accounts, it appears that the theft of data from monster.com's site was not the result of some innovative hacker weapon but simply of criminals taking advantage of an inadequate system of user identification authorisation. And, despite what the company says, that is preventable!
No sensible person would argue that every company can prevent any internet attack – or would they? It has become an accepted truism in today's internet culture that the cyber criminals are smart and are inventing new malware all the time, with companies and their suppliers following one or two steps behind, patching and plugging the gaps.
But why does all the brain power belong to the bad boys? We have seen a number of instances of companies recruiting experienced hackers to work on the side of the angels. And I cannot believe that every IT genius is automatically going to turn his or her hand to crime.
I know we have too many indices, but I think there is some argument for an index of the leading companies (financial institutions and others) that conduct a significant part of their business on the internet, which measures the number and severity of security breaches that they have experienced. And I am not sure that investors or customers should accept the monster.com statement that it is 'impossible' to prevent unauthorised access to data.
Sue Copeman, Editor, StrategicRISK