Categories: SecurityWorkspace

Businesses Should Get Ethical With Security

Now the Heartbleed panic has finally subsided, it’s time for the post-mortem. From early analysis, one thing has become apparent: organisations need to improve oversight of their coding. Whether they’re organisations of disparate membership, or cohesive units creating proprietary kit, there are too many severe vulnerabilities being disclosed on a frequent basis.

It’s a question of responsibility. Do organisations care enough about their users’ privacy? The answer appears to be ‘no’. They care about users’ data staying safe not because of some altruistic motive, but because they are worried about losing money as a result of a breach.

Caring more about money than ethics

This was made apparent during a panel debate in which your reporter took part. Javvad Malik, an analyst from 451 Research, was talking about a company that was told if they released a product it would almost certainly be compromised by criminal hackers. The firm asked how much financial damage such an attack would do. They were told £250,000. Then they pushed the product out, despite knowing the severity of the flaw. Why? Because the web app they had put together was projected to make them millions.

Granted, taking risks is part of everyday business. It’s often what makes the difference between a market leader and a market loser. But how long would it have taken to fix that vulnerability? Would it really have been too much effort to get working on a fix ahead of the product’s rollout? Isn’t security a selling point in itself by now? Apparently not.

In a survey carried out by Trustwave, which was hosting the panel (full disclosure: they paid your reporter to contribute to the discussion), 79 percent of respondents said they’ve been asked to rush out a service despite security concerns.

That figure is too high. People’s privacy should matter more than it currently does. Companies have to get better at secure coding and delivery of secure products.

Jeremiah Grossman, Whitehat Security’s chief technology officer and founder, put it perfectly when he told me: “Our industry is backwards… We need software security not security software.”

Put simply, it’s time ethics played more of a part in businesses’ information security and digital risk strategies. Not only will it be positive for their current customers’ safety, but will help draw in more of those customers who care about privacy. Ethics and capitalism don’t always have to be mutually exclusive.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

23 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

24 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago