
Former Cybersecurity Czar Argues for Better Data Loss Prevention

I hate to write anything that might sound like fear mongering and I can't stand Chicken Little-esque stories on how the security sky is falling, but I make an exception for Richard Clarke.

This is the guy who made a career out of understanding and worrying about major threats. He was, and I suspect still is, good at what he does, so when he has something to say, I'll listen.

In "Richard Clarke: Don't ignore data risks, deploy encryption," Clarke gives a scary assessment of executive attitudes about security:

Clarke compared the attitude of some corporate executives today to that of U.S. Defense Department officials 10 years ago when White House cybersecurity officials pushed the Pentagon to adopt intrusion defense systems (IDS). The Pentagon added the IDS and the service chiefs came back annoyed because, as they put it, the IDS technology had caused them "a hell of a problem." They ranted that they were being attacked all the time and that they weren't being attacked before IDS was deployed, Clarke said.

The DoD sounds a little like TJX. Clarke goes on to say:

"That illustrates the problem," he said. "It's about what you don't know, or what you don't see or can't prove. Industrial and national espionage is happening daily on a massive scale. Your databases are being stolen and copied, and just because the evidence isn't in front of you doesn't mean it's not a problem."

That's extreme. Coming from anyone else, many execs might just ignore it. I hope someone else is listening to Clarke this time.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net