North Korea just came up with a list of 310 new political slogans to commemorate its 70th anniversary, among which are "play sports games in an offensive way!" and "let us turn ours into a country of mushrooms!" Seriously. I laughed about how ridiculously frivolous those slogans are as I watched the Arizona llama drama (llamas on the llam! Alpaca suitcase!) and determined that the dress was white and gold.
The dress is white and gold. OK? Good.
But then the more that I thought about it, the more that I began to think that "a country of mushrooms" might not be all that ridiculous when it comes to describing certain circumstances—like the way that we currently approach cybersecurity, for example. Mushrooms are no doubt a delightful fungus, but there is a saying about them that is often apropos: they are kept in the dark and fed manure.
And that's kind of how we approach cybersecurity, isn't it?
Think about it. We give colossal amounts of personal information to companies. If you shop on Amazon, you've likely handed over your address, phone number, credit card information, email address ... and a record of the kind of things that you like to read. Shop online at Banana Republic? Same information as well as your size and perhaps your preferred style of undergarments. And if any of the systems at these places are breached, we just ... well, what is it that we do, exactly?
We denounce Target's massive data breach (more than 100 lawsuits against it) but continue to shop there (3.1 percent increase in profits). Home Depot is breached on a larger scale than Target (56 million credit cards compromised) but sees a 36 percent increase in profits. Anthem suffered the largest breach of all and ... crickets. Globally, cybercrimes cost business between $375 billion and $575 billion, and caused a net loss of 200,000 jobs in the United States alone.
In an Association of Corporate Counsel annual survey, 27 percent of chief legal officers reported that their employers had suffered a data breach; within that total was 50 percent reporting a breach in the health-care sector and 64 percent reporting a breach in larger companies with 100 to 200 employers. But nearly a quarter of these chief legal officers claimed that data breach issues were "not at all important" as a department priority. Who the heck are these folks, anyway?
Heck, we'd never do that with our own personal information. We would certainly take appropriate steps to protect it. Like passwords. We'd obviously use a strong password for our online adventures bank accounts, right? Here is the countdown to 2014's top five most common passwords on the Internet in reverse order: (5) qwerty; (4) 12345678; (3) 12345; (2) password; and (1) 123456. Good grief! Hackers can barely type as their drool puddles up on their keyboards. Is it any wonder that at least 47 percent of American adults had their personal information compromised in 2014?
And then, we continue to innovate in ways that can only create more cyber risks, like with Internet-connected televisions that eyeball you while you are watching them, or Internet-connected cars that can communicate your whereabouts, schedule and open your garage doors remotely. Do you know what your car company is doing to protect your personal information? Your television company? More importantly, do you care? Or did you click on another version of the World's Longest Disclaimer without reading a single word?
Cybersecurity issues are here to stay—in fact, the issues are only going to worsen as we develop more and more connectivity. But chief legal officers are hiding from cybersecurity despite exponentially increasing risks. And people are paying very little attention to who handles their information, how they protect it and what they are using it for, but are content to continue to trade privacy for convenience. So, I guess that makes us mushrooms all around.
And maybe that dress is black and blue after all.
Shamoil T. Shipchandler is a partner at Bracewell & Giuliani LLP, where he handles white-collar criminal matters and cybersecurity. Shamoil was formerly a deputy criminal chief in the U.S. Attorney's Office for the Eastern District of Texas.