Security: a tenet of Trust


When one thinks about the internet, now at a staggering 10 yottabytes (that's 1 with 25 zeros after it), it's easy to see why it's so unmanageable and why we find it so difficult to detect all those security threats we hear so much about.

Ian Urbina from the New York Times talks eloquently about passwords as a tool in our effort to safeguard what is most important to us - our keepsakes. Then Nick Miller from The Age in Australia shows us how Russians are hacking webcams monitoring our babies and children, all because they can, using default login details readily available online. Maybe we don't create a password of our own choosing because it doesn't occur to us, we don't read the instructions, we are apathetic, or we thought we did... The reason is immaterial; what's significant is that these security threats are making the internet generally unpalatable when it comes to our most important assets: our life and our family.

15 years ago, when financial institutions started, no-one could have possibly imagined the sophistication that hackers use today. When Willie Sutton was eventually arrested after a 40-year career in bank robbery, a member of the press asked him, "Mr Sutton, why do you keep robbing banks?" His response was, "Because that's where the money is." The driver for beating the system is clear and it's not going to go away. If you are a wealthy individual, i.e. "that's where the money is", you should be particularly worried. The less wealthy have to take their chances and hope the banks keep their valuable life savings secure, and at least there's the reassurance from banks that guarantee that if someone steals funds from your account then the banks will cover your loss. However, what else (other than your money) are you losing when someone hacks the banking systems? Your freedom. Your identity. Your privacy.
Enough said.

What's interesting is that the way our banks are all trying to solve this security problem is by getting the world's best hackers to beat their system - perhaps in an effort to reassure the public that they are trying to do something about it. All that's going to do is improve the hacking capabilities - the problem is never going to go away.

To really fix this problem, the overall mindset about solving the problem needs to change. If the problem is that when you go online, there is a security risk that the data will be accessible, then surely the best way is to start from the premise that data is not online to begin with. That, of course, breaks the promise of the internet per se, and one could argue that such a solution already exists: it's called putting your valuable stuff in a bank vault. Of course, there is a risk that those assets might be physically stolen, but it's fair to say that bank robberies are exponentially down from their frequency a century ago, especially break-ins to vaults.

Also, there are plenty of examples of internal company systems that are off-the-Cloud, servers that contain very valuable data. Yes, unscrupulous employees on the inside could still pose a security risk, and, indeed, 80% of fraud is facilitated by internal personnel during working hours on systems they have access permissions to. So, again, you're back to the risk profiling argument - and essentially that means "if you don't want the risk of someone else taking your most valuable assets, don't give them the chance."