Cybercriminals Can Afford To Be Lazy—You Can’t
added: 06.18.2014, by Mike Spinney
There has been a lot of bad information security news in recent weeks. Open source technologies that weren’t as secure as everyone would have liked (but they’re free, so…); malware and hackers coming up with nifty new ways to make life miserable for everyone; and data breaches. Lots of data breaches.
It’s hard to keep pace with the pace of the news. Every time I think I have a good idea and prepare to write a blog, something distracts me for just long enough to make the thought obsolete by the time I get back to what I was doing. That’s not a good rhythm for a blogger to get into, but I’m being transparent.
This morning, however, I came across an article in Forbes that caught my attention and I decided to pounce before it was no longer relevant. That is to say, before my thoughts on the article were no longer relevant.
Ten noted information security experts were asked one simple question: what can be done to “fix” cybersecurity. Their responses were interesting, though not necessarily groundbreaking. Maybe that’s because (as many implied) any progress we can make to improve security and privacy online is better than none and we can’t afford to do nothing while waiting for the cure-all. What’s that old phrase, “the perfect is the enemy of the good?”
I won’t summarize each response. Most are already well-summarized and I’m confident that if you’ve made it this far into the blog you’re more than capable of reading the article for yourself. But Brian Krebs’ response struck me as the one that made the most sense. In it he made the point that the “bad guys are mostly after information of value that isn’t adequately protected.”
In other words, cybercrooks are innovative, but they are lazy. They’re more than capable of swiping all kinds of stuff, but if you make it harder for them to get at your stuff, there’s plenty of other stuff out there for them to exploit. So don’t you be lazy. Protect what’s yours.
Edith Ramirez, chairwoman of the Federal Trade Commission, told Forbes that we “should encrypt sensitive data. Encryption, properly implemented, is becoming more important. That applies to sensitive information across the board.”
Good advice. Encryption is easy, and while nothing is fool-proof, encryption works. And it is the best tool available to adequately protect sensitive information, making it more difficult for the bad guys.
From the outset we’ve said that organizations and individuals need to take greater responsibility for their information security and document protection. And we’ll keep saying it. And we hope that more of you will continue to use HoGo as one of the tools to protect your sensitive information.