Data security will continue to be difficult and expensive until there is a political will to achieve it. This is because too few people, including politicians, adequately understand the risks either technically or morally.
One often-heard excuse is that the sheer volume of online data makes it hard to protect, which is like blaming the burglary rate on windows. Potential intruders and eavesdroppers will always exist, but basic safeguards to protect our privacy are entirely feasible, including passwords, encryption and anonymisation. However, these protocols must be robust and protected by the law.
Governments Aren’t Ready to be the Solution to This Problem
The WannaCry and Petya ransomware are NSA-created hacking tools that exploit deliberate flaws left in Windows’ Server Message Block (SMB) protocol. And WannaCry was not the first own goal. According to John McAfee, the NSA installed a backdoor into the firmware of Juniper internet security equipment in 2011, which hackers quickly discovered, using it to hack the US Defence and Treasury departments, stealing 5.6 million fingerprints and millions of tax returns.
The Tor browser that enabled the Silk Road black market in drugs, weapons and credit card numbers also began as a military intelligence project, cloaking the identity of government agents and informants and setting up sting operations. Millions in “unhackable” bitcoins subsequently disappeared.
Exploitable Flaws in Every Technology
A host of leaks implicate GCHQ and the NSA in encouraging security flaws to be left in almost every digital technology: routers and hard disks, Intel and AMD CPUs, iPhones and Android, Skype and SIM cards, Linux and Windows, Facebook and Gmail, Dropbox and the Xbox One. With so many flawed devices connecting to company networks, endpoint security management has never been harder. Most businesses need to increase their data security budget and call in specialists (like https://www.promisec.com/) for advice.
At the same time as passing the Data Retention and Investigatory Powers Bill, which compels companies to enable spying on emails and phone calls by building backdoors into their communications infrastructure, the government is also introducing the GDPR, which imposes enormous fines on companies that fail to protect their data. So long as there is one law for the public and another for politicians, company managers are obliged to shoulder the financial and moral responsibilities that politicians are so keen to avoid.