Who Hackers Will Target In 2008
Wednesday, January 02, 2008
In his ZDNet Gear For Geeks blog for IT professionals, Adrian Kingsley-Hughes predicts that computer hackers will target in 2008 what Adrian calls the "stupid crowd" since hackers (and identity thieves) follow the path of least resistance:
"The term 'stupid crowd' might seem harsh and unjust, but it’s as good a label as any... The 'stupid crowd' is made up of those users who don’t let anything get in their way when they’re after that funny video, porn, a keygen or pirated movie. The 'stupid crowd' click first and ask questions later (thinking doesn’t seem to factor in the process at any stage)... Anyone who’s had to throw away a PC because it was trashed by malware is a member of the stupid crowd."
Adrian makes some valid points about (home and business) computer users who ignore good computer security habits while surfing the Internet, sending documents, or reading e-mail. However, Adrian has described only one segment of the "stupid crowd."
In the few short months I've written the I've Been Mugged blog, I've read about many corporate data breaches and data security failures... enough so I've concluded that a second (and perhaps larger) segment of the "stupid crowd" includes companies where their senior management and IT professionals implement obsolete data security and data encryption methods, or insufficiently fund effective data security programs. Obviously, the "corporate stupid crowd" includes companies that suffer repeated data breaches.
The "corporate stupid crowd" includes:
- IT and HR managers who fail to train their employees on effective data security practices, especially regarding the downloading and storing of sensitive data on company laptops
- Companies that fail to implement data security processes with their contractors... and fail to hold those contractors accountable when data breaches occur
- IT managers who fail to secure their computer equipment liquidation process
- Retail companies with obsolete wireless encryption and data security
- Companies that ignore or fail to comply with Payment Card Industry (PCI) data security standards
- Companies who have the bad habit of placing profits ahead of data security for the sensitive personal data they archive
We only have 2007 to review to see the companies that are part of the "corporate stupid crowd." To see examples, browse the Data Breaches, Corporate Responsibility, and TJX / TJ Maxx topics in this blog. This flow diagram aptly describes the "corporate stupid crowd" regarding data security and data breaches.
If that's not enough, there's a ZDNet blog that documents the missteps and fumbles of the corporate stupid crowd: IT Project Failures.
Comments
You can follow this conversation by subscribing to the comment feed for this post.