Fear drives irrational security decisions
It was bad enough that, before 2001, security companies that had products and services to sell generated most of the fear of being hacked on the Internet. But after the 9/11 terrorist attacks, things got wonky. Prophets of doom appeared at every corner, issuing dire warnings of enormous financial losses. And the U.S. government, dipping its pen into propaganda, raised the fear factor by creating the National Strategy to Secure Cyberspace, a list of ''policy initiatives'' issued by the Bush Administration's Department of Homeland Security to combat ill-defined threats.
This is not to diminish the damage hackers have done, which is very real, and the necessity for tighter security as corporations move more of their valuable business on-line. But with fear running high, it's tough to make clear-headed decisions about securing systems to minimize damage.
Delegates flocking to Toronto for the 2003 Infosecurity Conference this week should be asking themselves about this, especially in light of the eighth annual Computer Crime and Security Survey, released last week by the Computer Security Institute and the San Francisco Federal Bureau of Investigation's Computer Intrusion Squad.
[ Read more ]