Why is it that Internet Crime statistics continue to show that, for the criminally inclined, internet crime is a very viable and fast-growing field?
Why is it that millions of dollars are stolen from end users who simply fail to pay attention to the basics of Information Security like strong pass-phrases and “don’t click the link”?
Why is it that in March of 2010 there was a breach of university students’ personally identifiable information (PII) in which over 3.3 million identities were stolen?
Why is it that in 2012 there was a breach of over 6 million IDs from the State of South Carolina’s IT infrastructure?
Why is it that online banking theft is at an all-time high, with thefts against mid-size businesses and metropolitan areas taking center stage?
Why is it that even though unheard-of amounts of information are being stolen daily, non-cyber security professionals are still very vocal in explaining to experts in the field of cyber security why passwords, pass-phrases, encryption and other basic controls don’t work and are too cumbersome?
- Yet in most breach cases, if basic information security controls and best practices like defense in depth had been in place and followed, the breach would not have occurred.
Why is it that non-Cyber Security professionals’ opinions on what Cyber Security controls are important are often given more weight than the Cyber Security professionals’ opinions within an organization?
Why is it that Senior IT and Business managers within an organization still won’t listen to the Cyber Security professionals they employ when it comes to building and maintaining an effective security and control infrastructure?
Why is it that Cyber Security professionals still don’t have the voice they need within most corporations (Government, Public and Private) to actually protect the organization’s data?
Why is it that blame for failure to protect corporate data is quick to be placed on the shoulders of Cyber Security professionals who weren’t listened to in the first place?
Why is it that, as experts, we really do have the knowledge and ability to protect sensitive corporate data, but in most organizations we are not given the power to do so?
Why is it that rhetorical questions are not answered?
© Kevin L. McLaughlin – properly cited use is encouraged