Good News: There Is No Network-Hacking Deluge. Bad News: It's Always Like This

According to the media we're in the midst of an unprecedented hacking free-for-all. The fact is, we're not. Problem is that all the fuss obscures the real issue: Most network security has been laughably bad for a long time.

CNET's Elinor Mills has an incredibly useful chart of all the recent computer security breeches. It is huge. When I last looked at it there were 41 breaks in the last three months. However, that was five seconds ago, so the number is almost certainly up another third by now. Sony (SNE), Citibank (C), the CIA, the IMF, ADP (ADP), Sega (SGAMY.PK) -- no one's network is safe!

If these were swine flu outbreaks we'd all be putting more locks on the doors and ordering mass amounts of freeze-dried food and shotgun ammo. But swine flu outbreaks deservedly get so much attention because they are rare. These Internet attacks are about as rare as the common cold. If you doubt it, look at Info Security Analysis' charts on internet data breaches in the last decade. And then pass me some Kleenex, because I'm not feeling too well.

Corporate security is still terrible
So the story isn't the frequency -- or at least it isn't that the frequency is increasing. The story is that despite decades of attacks and warnings of attacks, corporate IT security is still terrible. "The vulnerability that hackers used to get into Citibank was embarrassingly stupid," said Internet security expert Bruce Schneier. "It's kindergarten security they got wrong. That shouldn't happen in 2011." While enterprise-wide stupidity at Citi isn't exactly surprising, the situation is dangerously widespread.

This is just one of several important stories that aren't getting the attention they deserve. Other topics are trends in criminal hacking, where the money goes, national policy on cyber-security and how corporations are avoiding responsibility for their own security failures. As Schneier told NPR's On The Media, a bank recently successfully defended itself in a lawsuit over a breach which caused the loss of hundreds of thousands of dollars by arguing it wasn't responsible for the security problem that allowed the loss to happen.

Those stories are getting covered -- but because they're are not as simple as the hack of the week, they don't get attention in proportion to their importance.

Image: WikiCommons
Related:

• So Your Network's Been Hacked: Five Ways To Turn A Profit
• Security Problem Is Yet Another Hole in LinkedIn's Over-inflated Price
• Sony's Lame Defense of PlayStation Breach: Everyone Else Is Worse
• Sony's Partners Are Angling for Payback After the PlayStation Outage