Fred Zajac

Hi Fred:

Great post. I was very shock that Uber didn’t announced data breach and try to use money to cover up.

Fraser,
I don’t believe that UBER was hacked. UBER had a long history on setting on setting customers and drivers data. They always come with new stories about been victims.
A quick search on Google will give you the statistics about how many times UBER was hacked.

Interesting article Fred. I am not really sure how I feel about Nick Wells’ statement. When he said, “It’s the cost of doing business.”, I completely agree with it. There are always risks making purchases online and one need to be proactive in paying close attention to what links you are clicking on and if the websites are legitimate. I don’t necessarily feel comfortable when he says “A little bit of fraud helps.” I personally do not want to be that 2% and I do not think anybody wants to. I am not that familiar, but possibly some fraud cases are easily solved, but what about the ones that are not? The ones where others are going months and months of trying to get everything resolved.

I have to agree with Elizabeth. Just because the fraud occurring benefits the consumer instead of them being the victim doesn’t make the fraud ok. In the same vein, just because brick and mortar stores plan and budget for shrinkage doesn’t make stealing from them ok, no matter how large and greedy the retailer may be. Fraud is a cost of doing business that retailers and consumers should plan for, but I don’t think it is ever ok to just accept that that is how things are. They should plan for if it happens but take steps to prevent it from happening in the first place.

This is both interesting and unsurprising to me. A lot or organizations are so focused on what gets into their building (badges required, metal detectors etc) that they don’t often think of what gets out. I worked in the data center of a major insurance company and a lot of the people I worked with took old pieces and parts home after they were decommissioned even though they were technically supposed to get shredded. It would have been easy to take something with production data on it. The NSA should have way better security for what gets out than a corporation, but I think they’re falling into the same trap the corporations are, trusting their employees too much.

Fred,

Really good posting. I feel like I haven’t read a security article in a while regarding physical controls. It is definitely overlooked and tends to be forgot about. Like Amanda said, this is not surprising, but I did feel this article demonstrated a extreme case of weak physical controls. Aside from employees stealing company property or data, whether, a big one I have heard about is tailgating. Not so much directed to the company’s own employees, but still relates to physical control. This would be where a non-employee is able to easily follow someone into a building and now has the ability to navigate through the building. This can lead to the stealing of data and/or physical assets. Sometimes organizations make it to easy for employees/non-employees to steal due to the lack of physical controls.

Amanda & Elizabeth,

I agree with both of you and thank you for commenting.

It is an extreme case of weak physical controls, and shouldn’t be the case at an organization such as the NSA. I can see how something like this could happen to an organization viewed as a moderate or low level, but NSA (I would assume) would be Top-Secret level.

It is shocking to me that technical controls are not in place to prevent the removal of data on multimedia devices. Maybe someone needs to invent a device that looks like a metal detector you walk through, that instantly corrupts removable media devices. This can reduce digital information from being illegally removed. Or… they can caulk the USB drives…

This is really interesting insight into the reason that IT security is starting to become such an increasingly important field. Threats are becoming more and more sophisticated and many businesses’ personnel and policies are struggling to keep up. The need for both technical expertise and security-conscious administration has become vital to the success of any organization.

Fred,

It is very interesting post especially when the source is someone like Sara Guo which is an investor at venture capital firm Greylock Partners, I think she talks from experience from a results of auditing so many companies that she’s trying to invest on. I do agree that so many companies nowdays are not awarded of the risk of losing data, they give access to all their employees to data including sensitive information.

I think all these companies should train their employees to know how to protect data on top of inverts to secure their data by giving the right access to the right employees.