Categories: SecurityWorkspace

Businesses Should Get Ethical With Security

Now the Heartbleed panic has finally subsided, it’s time for the post-mortem. From early analysis, one thing has become apparent: organisations need to improve oversight of their coding. Whether they’re organisations of disparate membership, or cohesive units creating proprietary kit, there are too many severe vulnerabilities being disclosed on a frequent basis.

It’s a question of responsibility. Do organisations care enough about their users’ privacy? The answer appears to be ‘no’. They care about users’ data staying safe not because of some altruistic motive, but because they are worried about losing money as a result of a breach.

Caring more about money than ethics

This was made apparent during a panel debate in which your reporter took part. Javvad Malik, an analyst from 451 Research, was talking about a company that was told if they released a product it would almost certainly be compromised by criminal hackers. The firm asked how much financial damage such an attack would do. They were told £250,000. Then they pushed the product out, despite knowing the severity of the flaw. Why? Because the web app they had put together was projected to make them millions.

Granted, taking risks is part of everyday business. It’s often what makes the difference between a market leader and a market loser. But how long would it have taken to fix that vulnerability? Would it really have been too much effort to get working on a fix ahead of the product’s rollout? Isn’t security a selling point in itself by now? Apparently not.

In a survey carried out by Trustwave, which was hosting the panel (full disclosure: they paid your reporter to contribute to the discussion), 79 percent of respondents said they’ve been asked to rush out a service despite security concerns.

That figure is too high. People’s privacy should matter more than it currently does. Companies have to get better at secure coding and delivery of secure products.

Jeremiah Grossman, Whitehat Security’s chief technology officer and founder, put it perfectly when he told me: “Our industry is backwards… We need software security not security software.”

Put simply, it’s time ethics played more of a part in businesses’ information security and digital risk strategies. Not only will it be positive for their current customers’ safety, but will help draw in more of those customers who care about privacy. Ethics and capitalism don’t always have to be mutually exclusive.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago