Companies to blame as much as end users!

People always ask me why it’s so easy to hack into their emails, get their accounts on Facebook or have their credit card data stolen. I usually always focus on end users. This post is about the programmers, the developers and companies which we “trust” with all our data.

Why am I writing this post? Well two days ago I was reading about how Mozilla (of FireFox browser) “accidentally” leaked 76,000 email addresses and 4,000 passwords! PF Chang was hacked for 8 months, until finally thought OOOPS we just realized. Domino’s Pizza was hacked.

When computers were being developed, no one had security in mind. When the internet was created, no one thought about security. Security came as an afterthought, years and years after people started using computers, programs and the internet. So when cyber criminals decided to cash in, a new domain called information security was created, and the game of cat and mouse started. Cyber criminals always have the upper hand, and security professionals are always running behind to fix the holes.

Almost in all situations, the problem in any security flow starts from the programmer(s) who design and write code. When programming languages were created, many security flows existed. Even though those flows are always being fixed, programmers are under a lot of pressure to finish their work in record time. They are barely given time to test a program let alone check it for security flows. What used to be an issue with lack of security knowledge has now transformed into an issue with management. Get the program out as soon as possible is what’s important; you can fix the problems later.

I used to think that since I live in a third-world country, it was an issue with companies in this country. I truly believed that in advanced countries, security is a prime concern and that the whole system would not allow for such flows. The more I read about the topic, and got interested in it, the more I realized that it’s a universal problem. How many “top” companies had defected products, systems hacked and passwords stolen?

The idea is that it is impossible to secure systems/website unless you don’t want to use them; that is have them inaccessible by anyone. Any other way? No!. The closest is having a dedicated security team of at least a 100 employees (which should all be competent)… Having the management on the security wagon. Programmers, network people and server people all sufficiently trained and believing in what it takes to secure the system. Only then would you have a chance of being partially secure.

Back to the initial question… Why is it easy to hack into our data… Well it’s because even if you do whatever you can do from your end as an end-user, and follow every single guideline… It’s still not in your hands! The truth is that many people working in the cyber world are incompetent, unhappy, pressured or just not interested. As long as we are playing the cat and mouse game, we will always be the losers. Security has to be part of any design of the future of internet… Not just a simple afterthought.