Last week, one agency was kind enough to print my controversial opinions on Waking Shark II, which were based on knowledge of standing deficiencies with the security cultures and infrastructures of banking, many of which have been notified, but those in question have failed to act, or indeed acknowledge!
The recent Barclays breach is interesting, but I would add that this is only known because an insider blew the whistle; otherwise it would be unknown, and the subject public at large would have been none the wiser, and at risk. However, I am aware of many cases of such breaches which did not go public, one of which was the loss of 37,000 Barclays client records, in clear (not encrypted), around 2007, which was not reported, notwithstanding that the CISO and all Executive IT Directors were aware, including one Main Board Member.
My main criticism and observation around Waking Shark II was its real value to serving security: if there were/are so many tolerated holes in place that support insecurity, then those in the security profession who support this situation by association become part of the problem, in the name of security associations and bodies!
My conclusion is, we are not at a well-trodden juncture of insecurity and public/business exposure which, in my opinion, needs much more than to just pay lip service to the known, but which demands tangible action to secure the National and Global Economies.
We also need to be aware that the cultures which tolerated the unreported breach have moved on, in some cases to the world of Outsourcing and Service Management (e.g. First Data), so sadly one may conclude that such attitudes for survival may have evolved into the unknown.
Professor John Walker is a Visiting Professor at the School of Computing and Informatics, Nottingham Trent University (NTU), owner and CTO of SBLTD, a specialist Contracting/Consultancy in the arena of IT Security and Forensics, and Security Analytics, and the Director of Cyber Research at the Ascot Barclay Group.