Ummm…is this thing on?
Posted Mar 22, 2013 by Kevin Kosh
New experience time again. You may remember not too long ago I got a taste of my own PR medicine when I became an interview subject – and ultimately a quoted source – on a security breach.
To be honest, it was fun – at least for me. You’ll notice I haven’t been quoted since. Maybe my phone is broken or the flood of requests is stuck in the spam filter?
Seeing my name in articles in Bloomberg and Threatpost was cool, so what fear should I conquer next? That answer came this week.
Somewhere in what must have been one helluva bender, I agreed to moderate a panel for the MIT Enterprise Forum of Cambridge on Security and Privacy. The panel, titled EntrepreNous: The Role of Customer Privacy and Trust in Innovation, takes place on April 10 at the MIT Stata Center, where the cadre of esteemed security and privacy experts will dive into the data breach epidemic and the gauntlet that new companies must run from a technology, legal, financial and media standpoint.
Little did I know, the moderating gig came with one more surprise. I also was interviewed for a preview podcast. You know how they say people – like me – have a face for radio? Well, I also have a voice for print.
My voice aside, we did have an interesting discussion on some important topics that tee up the session well. Before I send your ears off to partake, I wanted to add just a little more color commentary around the issues.
From my perspective, all the talk of “cyberterrorism” and “cyberwar” can be a bit distracting from issues that at this point are more widespread, damaging and critical – cyberespionage and financial cybercrime (monetizing credit and identity).
Cyberterrorism is the threat that everyone can fear collectively from the perspective of rhetoric and ignore from the perspective of action, leaving it to our government. The issue is that we are an incredibly social and connected society, both individually and in business. From devices, to accounts, to our private and professional lives, our personal information is everywhere. The “bad guys” are just looking for an opening to snatch it.
Businesses also have that same connectedness and social orientation, and need to realize that employees and customers are both victims and enablers. Cybercrime can impact the individual, but also play out to affect the bigger ecosystem. Bad decisions online – whether clicking links or not clicking the right boxes – can spell disaster.
And for the businesses, the theft or exposure of data is only the beginning. The legal exposure that follows is the greater threat.
That’s why those privacy policies that you never read are written not to make you feel better, but to give you as little room for litigation as possible. Currently, there are 46 states, 3 Commonwealths and 14 Federal Agencies that have legislation with differing deadlines and requirements (not even taking into account industry regulations). Even for a modest incident of a few dozen records, fines rocket into the six- and seven-figure range.
Some would posit that blame should lie with the individuals who create exposure by not practicing personal responsibility with strong passwords and stronger judgment.
But, for many of us, passwords are like seatbelts. Convenience trumps common sense and no one uses them the right way until they crash.
While yes, we absolutely bear responsibility for protecting our private data, unfortunately we live in a society today that is big on responsibility…but small on accountability.
Realize also that fraudulent credit card use is not the responsibility of the consumer – at least not directly. The charges the business incurs find their way back, but not in a way that will impact behavior.
So, in this way, businesses have to ask: Do you trust yourself to protect your business from breach, fines and litigation? Or do you want to trust hundreds or thousands of employees, partners and customers all to have your best interest in mind?