Why do we keep making the same mistakes? Dave Lewis reflects on the year past, warts and all

I listlessly stare into the popcorn ceiling far above me. The sound of a log on the fire crackles away in the hearth... on my television set from across the room.

I find my thoughts wandering aimlessly across the events of the past year. Paramount amongst these thoughts is: why do we keep making so many of the same mistakes in security?

When I think of missteps that stood out in 2019, data breaches jump to the front of my mind. The pace and scope of these kinds of incidents continue to grace the news headlines unabated. Are we building our enterprises so fast that we can no longer keep up with security?

We collectively talk about best practices and speak to security hygiene, but I can’t help but see a recurring theme in the types of security issues that are out there plaguing organizations.

Passwords are a great example. Let’s look at the idea of a house key that is dropped on a train platform. Attached to the keyring is a tag that says, ‘If found return to…’.

And it hits you. There is a house nearby that you have the key for and there is a 50/50 chance that no one is home. The key provides the homeowner with the illusion of security. It does nothing to deter the person who found the key from accessing the home beyond trust in their neighbor.

This illusion of security may very well extend to those digital tools that have now become so vital in how we do business.

Cyber-attackers continue to purloin information from exposed databases and ransack websites with poor security implementations or reused credentials in order to cause financial harm, or steal personal data from the victim.

Where do we go from here? Multi-factor authentication is an excellent first step. But let’s be honest: something has to change at a larger scale. We have collectively relied on deprecated notions of what security is for far too long. This is a story that I continually hear from security practitioners the world over, where men and women share the same tales of fighting against malicious actors.

Tim Berners-Lee penned an opinion piece in The New York Times on November 29, 2019 called ‘I Invented the World Wide Web. Here’s How We Can Fix It’, in which he discusses what he calls the Contract for the Web. He positions this as a way to push past the stalemate and improve the safety and security of the internet overall.

The problem I see in this is that most governments and corporations don’t have much in the way of incentive to adhere to a contract such as this when there is control at stake and money in play. I want to be wrong. I want to see a return to a Utopian vision of the internet where information would be freely shared. We would have access to all manner of web services without any sort of impedance.

So, while I have my reservations, I welcome the new year with cautious optimism to right the ship in 2020 and shift to a new security perspective.
