Brazen attacks shred
faith in data security
North Korea’s Kim Jong Un was not amused by Sony’s movie “The Interview.”
As the year began, more than 40 million credit card holders got a rude awakening when they learned their account data had been stolen from retailing giant Target.
As it draws to a close, the world has been regaled by emails and other sensitive data stolen from electronics and entertainment mega-corporation Sony.
These two major hacks bookend a year in which data privacy and security have been dominant themes in the news.
Never before has it seemed that everyone is at such risk from unseen, unknown threats. You are not alone if you have little faith that government and businesses cannot be trusted with your data.
According to a November poll by the Pew Research Center, Public Perceptions of Privacy and Security in the Post-Snowden Era, a stunning 91 percent of adults believe that consumers have lost control over how their data is collected and used by companies.
An equally huge majority, 80 percent of adults agree or strongly agree that Americans should be concerned about government monitoring of their phone calls and emails.
“There is little confidence in the security of common communications channels, and those who have heard about government surveillance programs are the least confident,” the poll finds.
An alarming headline from CNN Money. Stories like this abound, increasing angst.
One needs look no further than the headlines to find a major source of this angst.
Online privacy is dead proclaimed CNN during the height of the revelations by former NSA contractor Edward Snowden.
“Strong passwords and encrypted email services were never truly enough to protect users’ online privacy. But recent revelations about government surveillance even throw into doubt the effectiveness of far-out measures of data encryption used by the most careful people surfing the Web,” writes Jose Pagliery.
Technical solutions to data breaches abound, but the hacking of 56 million customer credit cards from Home Depot demonstrates their inadequacy when the motive is profits.
According to a September story in The New York Times Ex-Employees Say Home Depot Left Data Vulnerable the company was slow to react and relied on outdated software to protect its network.
“Interviews with former members of the company’s cybersecurity team … suggest the company was slow to respond to early threats and only belatedly took action,” the Times reported.
The story adds the alarming warning that government officials estimate that as many as 1,000 retailers have been hacked, and that many companies do not even know they have been breached.
“[S]ecurity experts … say retailers have not only been complacent about security, they have also been reluctant to share information with one another.”
Privacy it seems is under assault from two directions.
The monitoring of private communications by government is now undeniable, despite official protestations to the contrary. But data stored by private enterprise now has been revealed to be less than secure, making every cutomer and user vulnerable to its theft.
It is no wonder that trust in government and business is low and dropping. According to the Pew study, “While the surveillance practices of government agencies have been the focus of many public discussions and debates post-Snowden … Americans are also concerned about data collection by advertisers. Additionally, public concern over the amount of personal information businesses are collecting has been growing.”
According to the poll, only 18 percent of adults trust the government “all” or “most” of the time; the numbers are even lower for businesses, just 12 percent.
In case you feel helpless and watching “The Interview” movie didn’t make you laugh, there is a glimmer of hope.
On Christmas Eve, the Electronic Frontier Foundation noted that 2014 was a year in which Web Encryption Gets Stronger and More Widespread
“[W]e’re happy to report that although there is still much work to be done, there has been a major boost to [encryption] adoption Internet-wide. In addition to wide adoption, the implementations have gotten better … As it turns out, 2014 was also a year of major vulnerabilities found in existing web encryption technologies.”
Technical fixes are good, but there can be no substitute for exercising caution when using electronic communications of all types. Awareness is the most important starting point for all of us.
Knowing which are the most vulnerable (credit or debit cards, social media or texting) and being circumspect all play a role. Nothing can ever be perfectly secure, but we can minimize our chances of becoming a victim. In the digital age, this is perhaps the best we can do.
FEEDBACK: Contact site admin directly