I’ve been away recently and hence the blog volume has dropped. Handily, the world has gone mad in my absence: (Deep Breath), Sony hack, Amazon outage, breaches here there and everywhere.
The question is, given the nice chunky high profile organisations involved, will this make a difference? Sony have hired in some talent from software companies to have a look, but one has to wonder whether this means boardrooms will wake up to security as an issue.
When HMRC did their naughty, it caused Government to buy a bucket load of encryption. Did it stop data breaches? Erm, no. Why not? Because chucking technology at the problem alone doesn’t solve it. Like a gastric band, treating the symptoms doesn’t nail the cause. Organisations continue to ignore the process and procedure elements of security, and the net result is failures.
The Sony case may be the sea-change. CEOs’ children will have used the network, and probably Daddy’s credit card details to pay for it. Suddenly the pain is real, because the credit card is at risk, with the result that they will suddenly get what the InfoSec beardies down in IT have been banging on about, and maybe, just maybe take heed. There are governments around the world revving up to take Sony to task in their region, and perhaps this will help.
Time will tell if recent major-league failures of InfoSec are added to the pile of breaches, or whether they make a real difference, but it’s how we react to these changes that will really make the difference.