Categories: SecurityWorkspace

Businesses Should Get Ethical With Security

Now the Heartbleed panic has finally subsided, it’s time for the post-mortem. From early analysis, one thing has become apparent: organisations need to improve oversight of their coding. Whether they’re organisations of disparate membership, or cohesive units creating proprietary kit, there are too many severe vulnerabilities being disclosed on a frequent basis.

It’s a question of responsibility. Do organisations care enough about their users’ privacy? The answer appears to be ‘no’. They care about users’ data staying safe not because of some altruistic motive, but because they are worried about losing money as a result of a breach.

Caring more about money than ethics

This was made apparent during a panel debate in which your reporter took part. Javvad Malik, an analyst from 451 Research, was talking about a company that was told if they released a product it would almost certainly be compromised by criminal hackers. The firm asked how much financial damage such an attack would do. They were told £250,000. Then they pushed the product out, despite knowing the severity of the flaw. Why? Because the web app they had put together was projected to make them millions.

Granted, taking risks is part of everyday business. It’s often what makes the difference between a market leader and a market loser. But how long would it have taken to fix that vulnerability? Would it really have been too much effort to get working on a fix ahead of the product’s rollout? Isn’t security a selling point in itself by now? Apparently not.

In a survey carried out by Trustwave, which was hosting the panel (full disclosure: they paid your reporter to contribute to the discussion), 79 percent of respondents said they’ve been asked to rush out a service despite security concerns.

That figure is too high. People’s privacy should matter more than it currently does. Companies have to get better at secure coding and delivery of secure products.

Jeremiah Grossman, Whitehat Security’s chief technology officer and founder, put it perfectly when he told me: “Our industry is backwards… We need software security not security software.”

Put simply, it’s time ethics played more of a part in businesses’ information security and digital risk strategies. Not only will it be positive for their current customers’ safety, but will help draw in more of those customers who care about privacy. Ethics and capitalism don’t always have to be mutually exclusive.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

14 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

16 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

18 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

19 hours ago