There were a number of big newsworthy IT events happening in 2017. As we discussed on this week's Gestalt IT Rundown, the WannaCry ransomware had major impacts across the world. But perhaps even more than widening concerns over ransomware, 2017 was defined by data breaches. Any leak of personal information is scary, but in many ways, 2017 changed the way we imagine the scale of such breaches. Data breaches occurred at such a rate and scale that it's tempting to become inured to their occurrence.
Whenever these breaches occur, the natural response is to want to ascribe blame. It's often easier to simply assign responsibility to a single cause or person, rather than to try and understand how exactly they were put into a position to fail so spectacularly. There's generally some token outrage in the tech and security communities about companies using outdated encryption, or incomplete security not designed to fail gracefully.
But while there often are valid technical failings behind these breaches, very often the human element plays a much larger role. In her recent ebook, 10 Ways We Can Steal Your Data, Karen Lopez outlines the many ways that mere communication and organizational deficiencies can result in data breaches.
The book does a good job of illustrating how simple efforts to save time, and the assumptions made, can lead to gaping security holes. The really crazy one was using production data in a test/dev environment. Karen does a great job outlining how organizations get to that point. The book shines because it doesn't just yell at the reader and tell you that a certain practice is bad. Rather, it uses examples to show how organizations get to that point. At the end, it doesn't sugarcoat that these are bad practices, but it shows the journey it takes to make that leap.
The other really interesting way data leaks is the most human example. It comes from an all too common occurrence. Many IT admins are not shy about dishing on process and how they work. Karen rightly points out that all you have to do is get a group of IT pros talking about password best practices, and they'll often literally tell you their own personal password algorithm. I know I've done something similar!
Overall the book shows that it isn’t enough to have a technical knowledge of data security. To truly avoid data breaches, you need to eliminate communication silos that lead to harmful assumptions, and maybe not tell people what your passwords are.