In our constant crusade to stop cybercrime and fight the good fight against our invisible enemy, we (the good guys) seem to have lost sight of the most important thing, our most sacred trust.
In the fervor to cover a cyber breech and spread the FUD about the end of all times we have lost sight of the most important factor in all of this, people. Think not in terms of the millions of credit cards or medical records, of finger prints and retinal scans – stop thinking in such abstract and lets consider what a credit card is.
This data, this information is a sacred trust between business operators and consumers, even more importantly, between people and other people. Turning a breech into a statistic is a way of dehumanizing the impact.
Our culture does this with horrible atrocities, like plane crashes (no, I am not comparing a data breech to a plane crash). When we anonymize the data to the point of abstraction we also loose the very nature of what that data actually means.
Its not PII, and its not ‘trade secrets’, these are our customers, our friends, our parents, our kids. Through our dealings with each other (if we are a business, community website, or other place where data lingers) information that seems to be our customer, friend, co-workers, family, has leaked out into the hands of bad guys. I think the first step in moving to a culture of security is to stop dehumanizing data.
Lets stop calling it data. Lets call it people, or life.
When a breach happens machines don’t care, reporters don’t care, even CEO’s don’t really care, but the actual people affected do (or would, if they knew that their names were among those of “millions of encrypted files lost, says Major Retailer.”