ANALYSIS: Massive data breaches destroyed people’s faith while it ruined the careers of senior IT executives anda reputations of giant corporations
It would be easy to label 2017 as the year of the breach. The data breaches that stole personal information seemed to happen on a near-daily basis with only the biggest making the news at the end of the year. Meanwhile, events related to data breaches played their role.
The biggest of them all was the Equifax breach which compromised the personal identity details of nearly everyone in the U.S. after hackers penetrated the ludicrously weak security at the credit bureau.
But it was a breach that happened in 2016 that dominated the news in 2017. Russian hackers apparently breached the email accounts of a number of politicians and sold the results to WikiLeaks. The investigation that followed, along with other activities including the use of social media to influence the election in 2016, became a major technology story in 2017.
In fact, the effects of such activities continued to be big news as those same Russian hackers were reportedly planted fake news stories aiming to effect political campaigns in the U.S. and Europe, including the UK vote to exit the European Union. There were even successful attacks carried out by suspected Russian hackers to take down the power grid in the Ukraine.
When it wasn’t Russian hackers, it was North Korean hackers who have been accused of creating the WannaCry malware that decimated data systems in a number of countries.
In December North Korean hackers were suspected of hacking South Korean Bitcoin exchange Youbit, resulting in the loss of as much as one fifth of the customer funds the company held. As a result Youbit immediately filed for bankruptcy and the South Korean government said it would consider banning crypto-currency trading in the country.
If the breaches demonstrated one thing, it is that the weak point on most organizations’ security is the people who work there. While security systems, firewalls, intrusion detection and prevention systems and anti-malware products can help, none of those technologies can protect against the number one risk for security—user stupidity.
Does IoT security concern you?
- Yes (89%)
- No (11%)
The most successful penetration attempts occur when a user clicks on something they shouldn’t have. In some cases that may mean visiting a website containing ransomware, in others it may be an email with a link designed to steal login credentials. In others, such as high-level phishing attacks against senior executives, it plays on an employee loyalty to their bosses to do something stupid, such as tamely transferring money to a thief.
But despite their wide-reaching effect, breaches weren’t the only thing that happened in 2017. Perhaps more dismaying was the constant string of stories about the mistreatment of women and minorities in technology.
The corporate misogyny at Uber is perhaps the best example of horrifyingly bad behavior in tech companies, but it’s far from the only one. The multi-page manifesto written by a former Google engineer presenting reasons why women can’t succeed in the technology industry is another.
But the fact is the “bro” culture in Silicon Valley and elsewhere in tech robs their businesses and all of society of the talent and productive potential of half the population.
What the culture in these companies does is no better than the discrimination that takes place in many levels of society because of a person’s skin color or their place of origin. Sadly, because nobody wants to mess with the cool guys in tech, the theoretically progressive governments in California and elsewhere are slow to enforce discrimination laws.
But AI did a lot more than drive virtual personals assistants. In the form of machine learning, AI became critical in performing analysis of immense data sets that allowed insights into everything from product planning to healthcare to military intelligence. While AI has a long way to go, in 2017 it made important strides.
New security technologies also arrived, notably the Face ID in Apple’s iPhone X. With it, facial recognition moved beyond simply recognizing a photo to analyzing a 3D image of a person with a very high level of confidence. This is just one way in which biometrics are clearly in the lead as a means of machine identification.
While the iPhone X was not the first all-screen phone, and it wasn’t the first to use facial recognition and it wasn’t even the most expensive, it certainly got the edge in mindshare. Unfortunately for Apple, it wasn’t all positive mindshare, as the battery bungle, in which Apple finally apologized for intentionally slowing down devices as their batteries aged, shows.
Still, 2017 was a year with a lot of bad behavior going on. People were randomly clicking, other people where hacking, others were mistreating the disadvantaged. One can hope that 2018 will show a few corrections, such as a technology that can actually help prevent data breaches, despite the stupidity of users.
When 2017 is remembered in the technology industry, it will be known as much for a general failure to invest in people and their security. Employees can be trained in security, and managers can be trained in good personnel practices. Perhaps the best we can say about the year is that it can be used as a bad example.
It would be even better if a general realization began to grow in 2018 that money does not forgive evil. Despite the fact that some Silicon Valley companies, such as Uber, have grown rich mostly on venture funding, that does not give them license to abuse and repress employees in quest of a blockbuster initial public stock offering with a get-rich-at-all-costs mentality that beggars the usual corporate objectives of giving customers a good service at a fair price and employees a decent place to work.
Originally published on eWeek