The Biggest Data Breech (For Now)

  • Comments posted to this topic are about the item The Biggest Data Breech (For Now)

  • Aw come on Steve. Engage your brain. You are at least as smart as me if not smarter. If you read your editorial with fresh eyes and your DBA brain engaged then you would immediately spot that:

      a) 1 household does not always = 1 person

      b) 1 company does not always = 1 person

      c) there will be an overlap between persons associated to a household and persons associated to businesses

    ...or is it me who has passed the test and won the prize?!?!?1

    Joking aside, another poignant editorial. We could do with less hype and more facts in the reporting of data breaches (as said) and a better spread of knowledge of what can be done with that data. I think that the general public have their view of what is likely to occur based on Hollywood (see War Games, Hackers, Mission: Impossible, Swordfish, James Bond, The Matrix et al) i.e. not a clue.

    1 Prize: Free year's subscription to SQLServerCentral.com Newsletter.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • Actually if you read the article referenced it's simpler than that. 100 million is the total for the hackers, JP Morgan was not the only institution hacked.

  • Paul Holden-232370 (11/24/2015)


    Actually if you read the article referenced it's simpler than that. 100 million is the total for the hackers, JP Morgan was not the only institution hacked.

    'tis true your honour. I only read the editorial.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • I think one of the major problems is that when a company is hacked, they act like they're doing everyone a favor by "issuing a press release disclosing the incident" and blaming others. I'll never forget the attitude behind the Home Depot quote "We sell hammers" when it came to denying the request for investment in security.

    The attitude problem both of these things highlight is a major part of the larger problem. It simply isn't taken seriously. In the end, how much money have they saved by skimping out on security? Well, they need to have the spokesman issue press releases, fire at least one patsy, pay for credit monitoring and pay their lawyers tons of cash. People seem to forget the "black eye" that used to be associated with a breach, so the cost of lost business is getting less and less.

    The more data breaches that occur, the less time and attention they're given by the media. It's almost become boring to hear about them because there's nothing else to be said that wasn't said about the last one.

    Unless the attitude regarding security is fixed from the top down, we are going to get more data breaches, including large ones.

  • I work for a company where for decades the first rule of computing seems to have been 'Defense of the system is more important than its use' which has resulted in a lot of frustrated users over the years. But no major breaches that I know of.

  • Paul Holden-232370 (11/24/2015)


    Actually if you read the article referenced it's simpler than that. 100 million is the total for the hackers, JP Morgan was not the only institution hacked.

    You're right. Thanks for pointing that out.

  • Corporations allow the owners to have limited liability. That also makes the guys making the BIG money more casual about these problems. If someone took 100 million DOLLARS from them, the CEO would take it more seriously. Perhaps the company needs to be on the hook for pure cash to the identified people. We should be limiting the amount of information these companies are allowed to have on a person.

  • Can you start to imagine criminals using the information intelligently to not directly sell the data but to make a secondary use of the information.

    I think they call these people marketers.

    p.s. breech or breach? 🙂

    The three biggest mistakes in life...thinking that power = freedom, sex = love, and data = information.

  • swwg69 (11/24/2015)


    Corporations allow the owners to have limited liability. That also makes the guys making the BIG money more casual about these problems. If someone took 100 million DOLLARS from them, the CEO would take it more seriously. Perhaps the company needs to be on the hook for pure cash to the identified people. We should be limiting the amount of information these companies are allowed to have on a person.

    There are dangerous, and potentially unintended, consequences of changing this. Also, this is what insurance is for. If insurance companies started charging much higher rates, or requiring more code review, this might change. Until that happens, which often doesn't without some regulation, not sure things will change.

  • IMHO (11/24/2015)


    Can you start to imagine criminals using the information intelligently to not directly sell the data but to make a secondary use of the information.

    I think they call these people marketers.

    p.s. breech or breach? 🙂

    I see breech and breach both written. Breach is breaking into. Breech is buttocks or part of a cannon.

  • This is a very good follow-up to yesterday's article on Technical Debt. They really dovetail nicely. At my new job I'm on a team that's developing a framework that we hope will be used for much of the internal LOB apps we have. (Most of our current LOB apps are all Microsoft Access applications written 15 or more years ago and poorly written at that.) We're working on a framework that should carry us forward for the next 5 to 10 years. It will be more robust and more flexible. And it will be more secure. But it takes time. Our first major deliverable won't be ready for several months, but our customers aren't happy with that. Last week one of our business analysts and I were in a meeting with one of our internal customers. His app isn't the one we're currently working on. We told him the news and you could just see that he'll probably go back to his department and try to find a way to go around us in order to get something faster. This is how they got in the situation they're in now where they brought in a contractor to work on the MS Access application and the contractor didn't finish the job before he had to go onto his next project. I just have a sinking feeling that they're just going to do it again and hope for the best. Meanwhile IT will have to pick up the pieces. It reminds me of that card game, UNO, where because of the way the cards get dealt and played you wind up with a really large deck of cards that you can't play. That's the way this scenario is beginning to be played out.

    I've no answer to this situation between the need to make software better and more secure vs. the need to get something, anything into the user's hands as quickly as possible. It is a real dilemma.

    Kindest Regards, Rod Connect with me on LinkedIn.

  • It would help if businesses invested in training their staff.

    When I was a DBA I knew how to secure SQL Server but I knew nothing about network security and the infrastructure underpinnings.

    Moving to the cloud means that I have had to learn a great deal about OS hardening, network ACLs, security groups, firewalls and routing tables. I can't pretend to have more than a rudimentary grasp of what is necessary but I do know that the people who have the required skills are worthy of respect.

  • 1000 plus/likes/etc. David!

    Kindest Regards, Rod Connect with me on LinkedIn.
