Security is not a Hundred Per Cent – The Human Factor
Many IT analysts have reported that the number one concern that keeps company CEOs awake at night is security. The IT security industry supplies many and varied IT security products and services, and yet the breaches still occur. You only have to look at recent news bulletins about lost government data and the customer banking details that were mislaid, as well as the recent example of the American hacker, Albert Gonzalez, who, along with a Russian gang of criminals, stole data from more than 130 million bank accounts from Heartland Payment Systems. This New Jersey company processes payments for retailers including 7-Eleven Stores and Hannaford supermarkets.
Retailers are an attractive target, as their point-of-sale (POS) systems collect a massive amount of customer financial data which, if it fell into the wrong hands, such as a hacker's, could be used to produce replica cards for criminal purposes. To try to combat this crime, the card industry introduced the Payment Card Industry (PCI) Data Security Standard, which is a code of best practice to help retailers and merchants who process card payments to prevent credit card fraud through increased controls. However, as we can see, there are still chinks in the armour.
IT security solutions are being implemented by organisations in spates, but how do you control the human factor? It’s rather like building ten-foot-high, thick walls to protect the data and intellectual property but ignoring the many gaps in between where the perpetrator can sneak through. Also, as the walls get higher, invaders seem to get smarter. Yet we expect the security solutions alone to provide a hundred per cent protection. It has to be a combination of technology and rigid processes because the threats are both physical and technological.
If we look at general safety issues, it’s accepted that you can only minimise the problems, not eradicate them completely, hence the plethora of government health and safety regulations. In the motor industry, for instance, safety has become a key component of the marketing message. In order to differentiate themselves, car manufacturers introduced better safety features such as stronger structures, safer brakes, airbags etc. But even with all these advancements, we accept that motoring injuries and deaths will still occur. You can’t foresee every eventuality.
Just relying on technological advancements is not enough. Safety and security in the passenger airline industry improved dramatically, yes, in part due to technology but the major impact was due to the introduction of the flight take-off and landing checklist procedure, which has to be gone through rigidly for each and every single flight.
Malicious attacks on IT systems continue to happen with the introduction of more sophisticated bots, Trojans and viruses etc. But the human element is also ever present, whether it is a disgruntled employee who physically attaches a device to a server to siphon off data or a bogus maintenance man who nonchalantly walks past security into a data centre that houses highly sensitive data. The global village has created a market for all kinds of sensitive information, so there will always be people who find ways of stealing it.
Read the original POS Security article on the Maxatec website.