Internet security – we were worried about the wrong things

When the first online stores began to take orders back in the late 90’s everyone was worried about the possibility someone would intercept those signals and steal our money. Companies rushed to place encryption and authentication measures in place to make sure the transmissions from the users to the vendors were protected. Well it has been 20 years now and as far as I know there has never been a case where a hacker dug up a physical data transmission line to the Internet, attached a few alligator clips connected to a souped-up laptop and intercepted any transactions that flowed past.

Instead the hackers attacked the websites directly, the stores, the banks, the credit firms, the hospitals, the IRS, the Social Security Administration, the healthcare system, the hardware stores, the social media sites and just about everything connected to the Internet – everything except the transmission lines.

We were worried about the wrong thing. Instead of worrying about the transmission of sensitive information we should have been worrying about what happens to that data after it has safely reached its destination.

As it turns out a distressingly large number of companies and organizations at the other ends of those transactions either didn’t know how to protect the data people sent them, didn’t really care about protecting that data or simply didn’t want to spend the money to adequately protect everything.

We hired an armored car to transfer our data and then stored it in a cardboard box sitting on a street corner.

I suppose our misguided concerns about the wrong things could be chalked up to naiveté, ignorance and the fact that the Internet was such a new thing that almost nobody could predict where it would go.

We’ve made similar mistakes in other related areas.

We used to be afraid that the Russians or Chinese would be the ones tapping our phones and listening to our conversations. Instead it turned out that we should have been more worried about our own government spying on us.

We used to think it was a bunch of social rejects hiding in their parent’s basements who would be hacking into our databases and it turns out that the biggest culprits are Russian and Chinese hackers, but they aren’t hiding in some basement, they are paid and sponsored by their own governments.

We used to think that our own cyber security people would be able to protect us (after all we invented this technology, right?) but it is becoming more and more apparent that even our most sophisticated government spooks can’t protect their own systems let alone anyone else’s.

Hopefully things will get better. Hopefully companies will realize that paying for adequate security up front is far less expensive than paying for a massive data breach later. Hopefully our own government will realize that they shouldn’t be spying on their own people. Hopefully the folks that are paid to protect us from cyber criminals big or small will start doing their jobs.

Unfortunately, every new technological advancement comes with new risks and the odds are we will once again worry about the wrong things.