Does Tesco’s breach show we are slowly softening up to cybercrime?
In the case of Tesco Bank repaying £2.5 million to its customers, it could at least say that none of their private data was stolen. But this sounds like the only moment of relief in this unfortunate story.
The worry is whether we are being slowly softened up to accept cybercrime. Certainly it is going to get worse before it gets better, as so much more business is being done online. And, with the advent of the Internet of Things, we are talking about more and more unsecured networks, where no one has really worked out how to secure data along much longer and complex journeys.
We want to enable digital commerce and communications, but we don’t really want to talk about security. Aside from the fact that it is a downer on an otherwise exciting, enabling conversation, it is also true that most of the people who talk about security operate separately from the people who talk about commerce.
Can the two work together? They will have no choice, but I am worried that they will be a lot of compromising. This will only ensure delays, further breaches, and half-solutions that are found not to work and missed timetables.
Maybe we can take clues from the payments industry. They are pretty clear about what constitutes private data, and there are laws to ensure merchants comply, under the Payment Card Industry data security standards. Outside payments, the focus has largely been on permissions and what can be done with the data once it is shared. Truth is, in this area, the merchants, the regulators and the consumers have been very lax; I certainly don’t recall signing up for the fact that for every catalogue I ask to receive, I get three more I certainly did not ask for.
If this blog is getting dull, I apologise; I’m sure no one really wants to talk about data security. However, I do think that, in the absence of guidance from merchants and vendors, we may all end up at the wrong end of the regulators’ lack of imagination. Is it really not possible to reconcile creativity and prevention?