Silver Lining Behind the Rash of BreachesIncrease Public Awareness Could Prompt Action
A silver lining is emerging behind the rash of breaches that occur all too regularly. The fact that these breaches make the public more aware of the vulnerabilities is encouraging in efforts to make the Internet safer for all.
Don't get me wrong, I'm not encouraging more breaches. But the growing awareness is crucial for two reasons. First, awareness prompts users and website operators to become more vigilant in practicing safe online hygiene. Second, increased public awareness could prompt Congress to turn talk into action by getting lawmakers to pass significant cybersecurity and privacy legislation sooner than later.
The latest, semiannual Unisys Security Index issued this past week reveals that public awareness of the Internet's security dangers has spiked. On a scale of 0 to 300, the index shows public IT security awareness at 154, 40 points higher from where it stood last October. And, Unisys surveyed 1,000 Americans in February, weeks before breaches at RSA, Epsilon and Sony PlayStation breaches, perhaps the biggest hack of all with more than 100 million customer accounts exposed. Even relatively small breaches, such as the one that surfaced this past week at the Rape & Brooks Orthodontics of Birmingham, Ala., where patient data of 20,744 patients was jeopardized, add up.
Awareness doesn't equate pain, and people may need to feel pain before they act. "Unfortunately, a lot of people read about things happening, and don't think it will happen to them," says Patricia Titus, Unisys chief information security officer and former CISO at the federal Transportation Security Administration. "Are people going to hold their breath and wait and see what happens, or are they going to proactively to and take action?"
But as more of these breaches occur, more people will feel the pain. But it takes time to individuals, institutions and government to implement safety measures.
It wasn't until the last decade and half of the 20th century that most Americans began using seat belts. When a government agency began tracking seat belt usage in 1994, 58 percent of Americans used them. That year, 36,254 people died in motor vehicle crashes in the United States. In 2009, 85 percent of Americans wore seat belts, 27 percentage points higher than in 1994, and fatalities from vehicle crashes fell to 30,797, down 15 percent in 15 years.
Changes to IT security practices, whether implemented by individuals or encouraged by congressional mandate, won't happen until the public clamors for it.
Congress has debated, held hearings and proposed scores of bills to safeguard government and crucial national IT systems and individuals' online privacy for a half decade without any significant law being enacted. Sens. Sheldon Whitehouse, D-R.I., and Jon Kyl, R-Ariz., contend that might be the case because the level of public awareness of cyberthreats is unacceptably low, which prompted them to introduce legislation last month to require the federal government to publicize cyber incidents.
It's hard to predict whether 2011 will be the year that Congress enacts significant IT security and online privacy legislation. But citizen awareness on the problem is rising, and perhaps as Americans feel the pain of these breaches, their representatives in Washington will respond.