Government cannot and must not be trusted with personal information
One thing that RSA week always brings is dozens of new surveys and research reports. I looked at three for Infosecurity Magazine on Friday:
- 2013 Security Report (Check Point)
- Targeted attacks and how to defend against them (Trend Micro/Quocirca)
- Managing information security: Public sector survey report (Clearswift/SPS)
They are all looking at different issues, but there is a common finding in all of them – a disconnect between recognising a threat and taking the right or adequate action to mitigate that threat. More specifically, they all say that the public sector is the worst offender.
From Check Point we learn that government is the leading offender in the use of high-risk applications (remote admin, file storage and sharing, P2P file sharing, and anonymizers). In particular, government is more likely than any other sector to suffer an incident that could lead to data loss at least once every week; and government is the leading offender in sending credit card information to external resources.
From Clearswift we learn that “Despite 93% of [UK public sector] organisations sharing sensitive information with external partners, 30% don’t view information security as a high priority when selecting a partner.”
Trend Micro, commenting on its own report, says, “Public sector respondents were guilty of a worrying level of complacency, with over a third claiming targeted attacks are not a concern, despite 74 per cent of such organisations having been a victim of these attacks in the past.”
Put quite simply, government cannot and must not be trusted with our personal information. In the UK, this is the government that plans to build a national DNA database within the NHS; and that wishes to be able to intercept our private communications at will. For the sake of our security, it must be stopped.