We've all seen the news reports, again and again:
A massive breach has occurred. Many millions of customer records have been obtained by hackers. The company in question has flubbed the response to the incident. Wall Street is punishing the company, and the stock has plummeted since the breach was reported.
That opening to articles on almost-daily cyber crises has become all too familiar. The recent incident involving Equifax, the U.S. credit-reporting company, is particularly egregious and may make it seem as if every attempt to secure our data and personal information is doomed to failure.
However, our failures do not come solely from technology and its misuse, but also from a mindset that, unless we change it, will force us into the same mistakes time and again. These breaches are a failure of leadership and culture as much as they are failures of network security.
In order to secure our personal information and networks, we need to recognize that privacy and security are not opposites, but rather they support each other and our economy and society. We need to understand that notifying customers about breaches is a vital part of ensuring security and privacy. And, finally, we must recognize the role that government representatives, and the policy choices they make, should play in this entire system.
First, the issue is often incorrectly framed as a choice between security and privacy. In recent years, whether in the debate on government's collection of metadata or law enforcement's increasing insistence on access to encrypted data, we are asked to choose sides between privacy and security.