Can We Bridge The Security Divide? - InformationWeek

Commentary
3/14/2009
09:26 AM
Lorna Garey


This week I spent some time at the Boston Source Conference, attending Christopher Hoff's balanced discussion of cloud computing security and Jeremiah Grossman's take on making money the black hat way, among other sessions. Great quality content, well worth the time, and I'll never look at online banking the same way. This "a little knowledge equals a lot of fear" syndrome isn't new for me -- for years, I've edited security experts like Mike Fratto and Greg Shipley. But Source drove home just how wide the gap has gotten between those who know what goes bump in the dark reaches of the Internet, and everyone else.

The other half of that equation is a conversation recently overheard at my daughter's basketball game (names changed to protect the stupid).

Seems Wilma's neighbor, Betty, lost her job. To scrape by on just Barney's salary, economizing had to be done, and the first vendor to go was Comcast cable TV and Internet. Wilma was recounting how terribly bad she felt about Betty's kids having to go to the library to do their homework, while she had just gotten Verizon FiOS installed. All that lovely bandwidth, just sitting there!

So Wilma sent Fred down to the local Best Buy for one of those wireless access points, one that would reach next door to Betty's house. The nice Best Buy associate sent Fred home with "the latest technology" (presumably 11n), and it took just 10 minutes to set it all up (presumably with no security enabled).

In case you're wondering, no, I didn't ask. First because eavesdropping is socially unacceptable, but also because I've spoken up before in similar circumstances and the result is invariably either A) an invitation to come by and fix the problem, or B) strange looks and speculation on what kind of weirdos she must hang out with.

Still, the episode stuck in my head, and after about 20 minutes at Source it hit me that the "security divide" is roughly equivalent to the gulf between smart economists who had a frighteningly good idea of the likely outcome of those credit default swaps but lacked a forum to sound the alarm, and the schlubs on Main St. happily taking out second mortgages to buy new F150 dual-cabs and flat screens. Like sheep to the slaughter.

What's the answer? The general media could do a much better job of education. I can find hundreds of reviews of the new Kindle. Could we devote some ink to the real risks of unsecured APs and expired antivirus? Sure, WEP/WPA and AV aren't going to stop serious attackers, but we must raise awareness. Maybe we send Mike Fratto to the Today show. Matt Lauer could do the interview -- the discussion would certainly be worth 50 segments on how to get $200 worth of groceries for $3.27 using coupons.

Or, maybe vendors of consumer-grade devices need to embrace the default deny ethos and do what it takes to protect their customers from themselves. Setting a bunch of 15-year-olds up with a wide-open FiOS link and zero intelligent parental supervision strikes me as the digital equivalent of handing a toddler a book of matches. Sure, controls and education are expensive. But we've seen where ignorance has gotten us.

What do you think? What responsibility, if any, do security practitioners have to the great unwashed masses yearning to not have their bank accounts cleaned out?
