Showing posts with label Culture. Show all posts

Friday, December 27, 2013

What The Target Data Breach Tells Us About Credit Processing Flaws

Don’t let Target fool you; the breach of magnetic stripe information from 40 million U.S. credit and debit cards, including debit PINs protected with breakable encryption, is a very big deal. The company’s crisis response has focused on regaining consumer confidence by convincing people that they are protected against fraud. It’s a legal confidence game, one in which the entire retail and financial services industries conspire to instill a sense of security where there is none. They want you to believe that they have our backs and will protect us from fraud. Do so at your own peril.

I don’t know what irritates me more, that we as consumers are so gullible as to place much of our financial health in the hands of companies built solely to extract as much wealth as possible from us or that the credit card data breach was predicted, repeated, and completely avoidable. Ignorance rules on both sides, and the consumer bears the majority of the expense.

Friday, June 21, 2013

The Critical Need for Liberal Arts in Security

"As we strive to create a more civil public discourse, a more adaptable and creative workforce, and a more secure nation, the humanities and social sciences are at the heart of the matter, the keeper of the republic - a source of national memory and civic vigor, cultural understanding and communication, individual fulfillment and the ideals we hold in common."

Security professionals often state that security is an art, not a science. This field demands a certain degree of finesse, elegance, imagination, creativity, and a fine-grained understanding of technology. We characterize the act of securing assets and information as finding the right balance between people, process, and technology, the security triumvirate. Yet, look at any job posting in security over the past 15 years (about the duration of time that I've worked in the field), and you find this:

Education: Degree in Computer Science, Mathematics, or any comparable field.

Monday, August 6, 2012

Defect Acceptance

Cybersecurity has been a hot topic for over a decade and only seems to be getting hotter.  When I meet new folks and mention being "in" information security, I cringe when I hear the standard response, "Oh, that's a really hot field.  I bet that there are a lot of opportunities for someone like you."  Well, yes and no.

Wednesday, July 11, 2012

An Adventure in Cloud Security

I recently registered for a website hosted by a government agency that handles some of the most sensitive personal information available within the U.S. Government. While the site is only a simple scheduling system, imagine my dismay when I received an email confirming my registration that included both my username and password in the email body. That email demonstrates that, despite all of the reported attention to security over the past several years, especially within the Federal Government, we are failing to build an effective information security culture.