fbpx

Hacker

Quest Diagnostics announced in November its patient portal was hacked. The hit exposed the personal information of 34,000 people. Laboratory results from blood tests were included. Quest joins the list of Sony, Anthem Blue Cross, the Democratic National Committee, and many others who have been hacked. Millions of consumer records have been exposed. All of these were eclipsed in December when Yahoo! announced a hack of one billion of its users. 

Most of the stories about the hacking events seem to dwell on the hack or the hackers. Emotions rise about how bad the hackers are. The stories are mostly backwards, in my opinion. Rather than discuss how bad the hackers are, the stories should focus on how badly the hacked protected the data of their customers, employees, and business partners. Our emotions should turn toward the hacked. Hacking can never be justified, but neither can the lack of adequately protecting servers from being hacked. 

A politician suggested this week voting should be done on paper only so no electronic machines are involved. This is a ridiculous proposal. The early days of automobiles were fraught with problems. Perhaps some people suggested returning to horse and buggy. That is what we have with voting.

No system, paper or electronic, will ever be perfect. However, it is possible to protect servers from inappropriate access. It requires money and good skills, but it can be done. There are numerous tools, services, and highly capable consultants and vendors available to assist organizations to be as secure as possible. The key ingredient is strong leadership from the top, asking questions about security, and demanding rigorous testing to find the holes and gaps before the bad guys do.

Hackers are not going away. They are continuously testing all the servers connected to the Internet looking for ones that are not well secured. It is similar to thieves going to door to door in every neighborhood looking for homes which are unlocked. If the press would focus on the organizations which are hacked and described how easy it was for the hackers to get in, companies and organizations would be embarrassed. Perhaps the result would be more focus on securing their servers to protect their customer’s data.