In technology, quite a few companies are doing well. In fact, it’s a regular race among Apple and Microsoft to see who’s the world’s more valuable company. However, quite a few other companies in other industries are also doing very well. Many have reported strong earnings in the last couple years. Many of those same companies have had data breaches.
I saw this tweet from Buck Woody, which says ” Another day, another breach. C’mon companies, get your act together. Spend a bit of that record profit on security. We’re tired of this.”
I agree. As someone who’s stayed at an SPG hotel, I’d guess my data has been leaked. I’m also guessing that my credit card has been changed since then, since I think I end up changing them once a year because of some data breach. Still, I think that shouldn’t be a habit I have.
Companies need to spend more than “a bit” on security. They need to better train their IT staff on secure coding and configuration as well as on tools to support those habits and processes. They also need to devote some time and money to fixing past security issues. No system should be immune from patching because of fears that an application stops working. Either internal developers need to test better, or vendor contracts need to specify that software purchased will support platform security patches, which often means the vendors need to ensure that service packs and patches don’t break their products.
We need to demand more as consumers and technical people, including demanding more of ourselves. Building secure systems is hard. Writing secure code requires we change habits and sometimes do a bit more work. It’s something we all need to learn to do better.
The Voice of the DBA Podcast