Have you noticed that “fear” seems to be a major theme of this information-overload era in human history?
“Be afraid; be very afraid,” the slasher-movie moguls warn us. “Fear Factor” is a network television success. “No Fear” has become the mantra of the “extreme” boardshorts-wearing crowd. Were fighting the War on Terror. And then theres the list of phobias that seems to grow longer every day.
Everywhere you look, someone is telling you to be afraid of something or other. When you think about it, its kind of scary.
Of course, some fear is useful, even desirable. “Whos afraid of the big, bad wolf?” ask two of the legendary Three Little Pigs in a popular song. It turns out that Pig No. 3 used a healthy dose of fear to motivate himself to build a brick house that kept that wolf at bay. Lucky thing for the other two porkers that he had extra room when they came frantically knocking at his door after their flimsy houses had been decimated.
When it comes to hackersthose who would access our computer systems for nefarious or “recreational” reasonsI would similarly suggest that fear is a healthy response but only if its the Pig No. 3 variety.
Let me explain.
In September of this year, New York-based PricewaterhouseCoopers and CIO magazine announced results of a worldwide survey (47 countries, across all industries). The survey found that nearly two-thirds of respondents had “experienced negative security incidents in the past 12 months.” These attacks included insertion of malicious code, unauthorized systems access and denial-of-service incidents.
But the survey yielded another result that only can be characterized as disturbing41% of the respondents said they dont report such security incidents to anyone, including the authorities. In other words, when their systems are breached, they keep their mouths shut. The question, apparently not explored by the survey, is why?
Perhaps some of those companies have been threatened by hackers with more damage if they report incidents, but my instincts tell me that most of them are just plain scared of having anyone know their systems are so vulnerable. If youre a bank or an insurance company, for example, would you want to advertise that your systems were not capable of protecting your customers money and/or private information?
Yet the survey reveals that nearly two-thirds of companies have had breaches. Does anyone believe banks and insurers are immune?