CyberSecurity: people just don't get it!

Gaaa!  After reading about the Olympic grand slam opening last night, I caught sight of a NY Times article about taking the teeth out of a CyberSecurity bill because it would be too hard (read expensive), for businesses to comply with.  Business would be the first to scream and rant if a cyber war broke out and they were brought down by infrastructure problems or a ripped-to-shreds economy.

I worked in IT for 20+ years, and believe me, business is always dragging its security heels.  I had to scream loud and long before the customer service people stopped leaving orders by the fax and copy machines, orders with the customers' credit card numbers and expiration dates.  I had to beg for a shredder for confidential information.  I had to preach and tear my hair before everyone understood that by law you could not put the credit card CVVC number on an electronic file.  I cannot tell you  how many forms used to ask for that number.  Duh!  Business is in business to do business and as the old saying goes, the devil take the hindmost.  Credit card processors are hide bound and dragged their feet for as long as possible before the fines outweighed the cost of cleaning up their act.

Business will never implement security measures because it's always more important to please the marketing department who comes up with some meatball idea that needs implementation yesterday!  Executives are mostly focused on sales, not the security infrastructure.  Someone has to mind the CyberSecurity store and right now it's looking like that someone is no one.

When the cyber war breaks out, don't blame me and don't blame your president.  Blame those who didn't want to spend a few bucks to beef up their systems:  electric grids, transportation, nuclear power plants, all those pieces of our infrastructure that may be vulnerable to cyber-attacks.  Brother can you spare a dime?