Since my keyboard is a Razer, once again I find myself the victim of a data breach. This time it was a mis-configured log store. However, the article goes on to say this about misconfiguring your cloud services.
Breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total
Since there are only about 7 billion of us on this planet, this means that you and everyone you know have had their personal details leaked to god knows who for whatever nefarious purpose. This isn’t some nefarious hacker finding a way to exploit some new and unknown thing. This is just not configuring the service correctly. It is just plain ineptitude. This is also not checking it to be sure it is configured correctly. This is the sheer laziness of never even running an automated scan.
And what do all of us get in return? This time we don’t even rate the year of free credit monitoring. We just get to suck it up and hope that no one steals our identities. When are we going to start holding these companies responsible? Until GSLB and SOX, fudging the accounting was a pretty common practice. Tyco, Enron, WorldCom, Lehman Brothers, Olympus, and the list goes on with entries right up to the current day. However, making the executives personally and criminally liable really made a sea change in the way that accounting and data controls on financial data are handled in most companies.
I would like to see that same sort of change for companies that store my personal data. Are we, all of us, less valuable than a few dollars? If your mechanic forgets to put the oil plug back in and lets you drive off, he’s still responsible for any damage to your engine. If you forget to set the parking brake on your car and it rolls into someone, you are still responsible for the damages. I just don’t see why IT is any different. We, as an industry, should do better. I know that we are capable of it but until something happens that puts executives in the hot seat for it, I don’t see it becoming a standard corporate practice.