Reading about all these recent security breaches highlights one thing: companies will not start taking security too seriously until they become criminally liable. Not just the general liability of the executives, but also employees. The same kind of approach that is expected of doctors, policemen, security guards, and such. If you botch up and endanger people's lives, you lose your license and you go to jail. And then, if you wanna be in IT security, it is going to take more than just a few buzzwords and certifications. You will have to be COMMITTED.
Mrk
Sounds good, but won't work. To make it a criminal thing you would have to prove criminal intent. Be tough. Then there are the lobbyists. Good luck
No, just malpractice. Think of a doctor bodging a medical procedure, or a police officer bodging an arrest. When human lives are at stake, we apply a very thin margin of forgiveness. As long as companies treat people's data (essentially lives) as trash, they won't be bothered with security and sane practices. If they are told they will end up in jail if they don't do it properly, the attitude will change. Of course, this means the entire security industry will need to evolve, but that's not a bad thing. The current apps-compatibility security-frozen state, and all the rest of the incompetence that has developed over the past 30 years, must change. Redesign the whole thing so data comes first.
Mrk
2 Montrealers charged in connection with Bell Canada cyber attack October 8, 2019 https://globalnews.ca/news/6008541/montrealers-charged-bell-cyber-attack/