Hey everyone! I just wanted to share with you the continuing saga of states' inability to install effective computer security systems. South Carolina is facing some Internet scrutiny after our previously mentioned screwup of their information security, resulting in over 3 million bank accounts' information stolen (by a Russian hacker, apparently). The state is planning on spending $800,000 on improving their security, money they probably could have saved had they taken precautionary measures rather than emergency ones. Around $13 million dollars will additionally be spent on cleaning up the mess left behind. A blunder of this magnitude can't go on being ignored. State governments HAVE to catch up with the private sector when it comes to computer security. There shouldn't be an option. The only reason South Carolina is even in this mess is because the agency opted out of an optional intrustion-detection system. This shouldn't be optional. Information security measures of a basic nature shouldn't be so difficult. What makes this truly painful is that it isn't some company's reputation or website that's on the line -- it's people's livelihoods, their savings and their emergency funds and their grocery money.The people in charge of our safety, our security, should not be allowed to skimp on the trimmings just because it saves money. If anything, this proves that it doesn't save money at all. Computer security can be costly when a company takes all the precautionary measures, but the consequences can be devastating otherwise.
It just doesn't make sense to me. A government agency that holds weapons would not get cheap locks that any fool could break (at least, I hope they don't). They certainly wouldn't hire unarmed mall cops to guard them. But here we are, with agencies wielding information that's more powerful than any gun, and access to millions of it is being guarded by the computer security version of Paul Blart.
(via Information Week)
There's news this week that Kansas just received its report on the information security systems audit that was commissioned by the state legislators. It wasn't good. And it's sad that I'm not surprised by that. There's a write-up on it in the Kansas City Star, read it here.
I would urge anyone who is concerned about their state to call a congressman about it, especially if you are a state employee. Their information security is your security. That's not just a slogan, that's a warning.