Data Security

Over the past few days many stories were written that show critical systems aren’t as secure as one might think. I just read an article on Slashdot called Most Companies Admit Their Data Is At Risk and it’s no wonder there are many stories about identity theft. Health care records, financial data, social security numbers, etc. are all at risk. A lot of that risk can be reduced though.

The biggest problem I see is a lot of data is out there and accessible on the Internet. Spending more on IT security is all fine and dandy, but many risks stem from uneducated employees who accidentally leak data onto the web. The most secure system in the world is no match for the idiot who has access to the Publish button.

The Large Hadron Collider’s network was attacked recently as well.[source] While it was a simple hack, the LHC IT people revealed that the crackers were one step away from a computer controlling part of the LHC. I don’t even know how this can happen. Who thought it would be a bright idea to stick those computers on any network that was accessible to the outside world? Computers that control ATLAS and the other experiments should be on their own network. That network should not have any physical connection to the outside world.

The company I work for recently had a breach as well. It wasn’t a computer system though. It was a CD containing information such as names, social security numbers, and other personal information. It was suppose to be sent to the state for some tax reporting purposes. The disk never got there though and I got a piece of snail mail about two months after it happened that laid out the situation. I was offered the chance to sign up for a two year LifeLock account for free, courtesy of my employer. Since I now have a LifeLock account, I can safely say my Social Security number is…why should I tell you? Spending money on IT security wouldn’t help in this case, but I wonder why the state still runs it this way at all.

IT security can always continue improving, but it’s the people, not the hardware or software that is to blame most of the time. If a system gets breached because the adminstrator set the password to ‘admin’, who is to blame? The IT administrator of course. The system is obeying what the human is telling it. Artificial Intelligence is just that, artificial. A system can learn over time, but that’s just the wisdom of the crowd. The solution to all of this is to shutdown the internet, but unless you want to live in the stone age, then I would advise against pulling all those plugs.


About this entry