Ugh. This makes me sick. New York Times, Washington Post, & LA Times, 3 of the largest, most respected (I guess that is subjective) newspapers in the world have been hacked. How is this possible? When you think about this for a second, it is almost silly. These are organizations that have access to information and resources BEYOND that of most government agencies! These papers are being spoon-fed information from news feeds, people in the government that no citizen could ever reach, AND confidential sources 24×7. These are companies that technology researchers from Carnegie Mellon, MIT, Ponemon Institute, Forrester Research, UNH, and more are reaching out to all the time. These are companies that vendors from security companies like Sonciwall, Cisco, Symantec, Apple, and even The Lorenzi Group are contacting on a daily basis! To sum it up, few if ANY other organizations in the world have as much access to data security and hacking trends as these 3 firms. Yet, they still got hacked. Why? How is this possible? I think it is possible for 3 reasons:
1. They never thought it could happen to them.
2. They do not share information inside the organization.
3. They do not believe that data security is important… they believe that Americans do not care about their privacy.
Maybe, as Americans, we don’t care about data privacy. Have YOU stopped buying these newspapers? Have YOU stopped shopping at Amazon, Zappos, Walgreens, Sony, and TJMaxx? Have YOU stopped using ExpressScripts, MassGeneral, and CIGNA Healthcare? If not, why?
And, there’s the rub.
These businesses have disregarded data security not because it is hard or complex or outrageously expensive. These businesses have disregarded data security because they believe that Americans don’t care and reporting a data breach will negatively affect their bottom line.
To all 3 of the newspapers, I have spoken with multiple data security vendors (most larger than Lorenzi, including some VERY LARGE players) and all of us are waiting for you to return a call. Your lack of concern for our privacy not only sets a bad example, but in the long term is bad for business too.
Who do you think is going to have the next data breach?