Like it or not, cybercrime is here to stay . . .
Many moons ago, shortly after swaying off the boat in Sydney to become a new immigrant, I would be regaled by tales of the old Australia in which everyone in their street knew each other and you could leave the back door unlocked for years. The only possessions that needed a padlock were your daughters.
Times had changed, lamented my reminiscing Aussies. It was an era they fondly remembered yet could never retrieve. Just how lost those halcyon days of the 50s, 60s and 70s are was brought home in the past few weeks, with yet another round of cybercrime confessions about the theft of personal and banking card details.
Leaving the back door unlocked is becoming the least of our problems.
The planet has become a complicated place, and so have those who live on it. Who would have thought, for example, that our credit card transactions at the local mall might go through a clearing house in the United States? Not me, that's for sure.
The truth of this situation leaked out when more than a million credit card details were stolen by so-called cyber-criminals from an American clearing house, including those of 50,000 Australians. All our major banks warned their customers to double-check their bills. There has even been a series of ads - some with finance know-it-all David Koch - urging us to go through our credit card transactions with a fine-tooth comb.
All this corporate sincerity and concern for our financial welfare is very touching. Executives won't admit to it, but these actions are needed because their security cannot be trusted. That's the bottom line.
In fact, they'd say nothing at all and leave you in blissful ignorance if they had the choice. (And don't deny it.) However, in the latest large-scale theft, we all have a California law, called SB1386, to thank for some honesty, if not total security, in the system. Before Arnie the Terminator took control as governor, the state legislature made it an obligation of any California company to confess their sins if they lost personal or financial data.
At first, when the occasion arose, only affected California residents were informed of lost data. Such security mea culpa extended beyond state borders when attorneys-general around America began demanding their citizens also be informed of security breaches. Now there are moves across the US for state laws similar to those in California.
Other governments, including our own, are going to have to consider legislating for honesty from the so-called "good guys" in their fight against cybercrime. It's another sad indictment of corporate behaviour, but it is the only reason why we now hear regularly about online break-ins. Recent ones include Citibank's notification in the United States that it lost a back-up tape somewhere, while other organizations such as PayPal, ChoicePoint, LexisNexis and Axiom have all had to tell their customers about the mysterious loss of personal details.
Whether we like it or not, we have to get used to an acceptable level of crime when it comes to the security of our privacy. The zero-tolerance view, no matter how desirable, simply isn't practical. We will always have online financial crime, just as we've had armed robberies since Robin Hood was firing arrows. It is a new and constant, if unwanted, feature of our lives.
Across our economy, the standard of security implementations is patchy to say the least. I know of at least two major multinational companies who are about to spend some 25 percent of their IT project budget on security in this new financial year. I nearly fell off my chair when told how much work they had to do.
On average, local organizations will spend between 6 and 8 percent of their IT budget on security. As a rule, CIOs who have not been hit by a security breach find it harder to get business empathy and money to improve security. The smarter technology managers are using ever-tightening regulation as a weapon to demand money to lock down systems as best they can. Our local privacy principles, as well as government and financial institution requirements to protect stockholder value, have combined to help free up cash. There's nothing like the threat of jail - as articulated in America's Sarbanes-Oxley Act and Health Insurance Portability and Accountability Act (HIPAA) - to get the chief executive's attention.