I do not get why large companies continue to fail at the general fundamentals of safe computing in 2013. Basic principles are continually overlooked and, more importantly, NOT tested to the degree they should be.
Hence, hackers and iThieves continue to take what they want, like shoppers browsing a supermarket for their favorite fruits and veggies. Where is the failure? In BIG BUSINESS, in understanding that security, risk management, and proper controls need to be at the FOREFRONT of their leadership and project planning, NOT in the caboose.
Here’s an email received (yes, it’s legit) from a gaming industry giant that simply failed.
“The security of your information is critically important to us, so we’re really sorry to share that a portion of our North American account information was recently compromised.”
“Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players.”
As mentioned above, when SECURITY and RISK MANAGEMENT are the ‘afterthought’, here is the result.
So to big business and executives, GROW UP…GET SMART, or start paying the fines…
Oh, GOV…yes, you’ll probably have to step in again.
AKA: Mr. Risk-Averse
CHO of All Things Technology and Sensible
“Get With It, Or Fail Like The Rest”