IT Should do More Than Just “Get Over It”

The latest batch of data breaches at Target and Neiman-Marcus have raised a crescendo of concern in the media and among individuals that is certainly justified but sometimes a little off base. In particular, there’s confusion over the distinction between online privacy and online security. Some of the commentators have simply been echoing Sun CEO, Scott McNealy’s comments dating back to 1999, suggesting that we all just “get over it” and learn to live without online privacy.

We all want and need to know that our financial transactions are secure. When there is a breach of the type that occurred with Target and Neiman-Marcus, personally identifiable information (PII in security parlance) makes its way into the hands of third parties. The primary consequence of this is not that anyone in particular might find out where we live (as if they didn’t already know), it is the potential that his information could be helpful in defrauding us and defrauding merchants and credit card companies.

Keeping our credit card information “private” is not the same as avoiding government surveillance or other more generalized degradations of what some view as a primary right to privacy.  However, financial and transactional security and cyber-privacy are both worthy of thought and concern.  The Internet of Things (IoT) only compounds all these issues. What happens to privacy when devices like Fitbit track and make available details of our life as intimate as our heart rate? Who is watching and who might watch – legally or otherwise –is and ought to be a concern.  And, what are the potential issues involved with hacking these new devices? The Los Angeles Times recently reported that security firm Proofpoint has uncovered a cyberattack that included smart TVs, wireless speaker systems, Internet-connected set top boxes and “at least one refrigerator.”

The rapid evolution of these technologies demands that the IT industry formulate proper, adequate, and appropriate solutions.

Consider that the first cars didn’t have locks on the ignition or that airports, within living memory, had no security at all.  Anyone could walk out on the tarmac and sneak on to a jet bound for the other side of the world.  Circumstances changed and the technologies and practices that surrounded automobiles and aircraft had to change.

In our race to deliver more and better functionality at ever more competitive prices, security has been playing catch up – and privacy has hardly even been thought about.  Guess what?  Circumstances have changed and the technologies and practices that surround IT, the web, mobility, and the Internet of Things need to catch up.