It should worry all of us in IT Security and Risk Management practices that every day people read about their information being pilfered from online databases, unencrypted systems, and tapes or other media, and have started to grow insensitive to this news. I've seen it talking to people in business; the general population is starting to get used to information theft and it's becoming background noise - much like viruses back in the day... this isn't good. This means that we're failing at our jobs so catastrophically that people who should be worried are now starting to grow insensitive to information being stolen. People are starting to assume that their information will be stolen at some point and are expecting banks and credit institutions to compensate them immediately when funds disappear... interesting.
Identity theft is on the rise; the number of identities stolen is well into the hundreds of millions - and it's not showing any signs of slowing down.
What's going on? Why isn't IT security able to mitigate the risks that cause data and identity theft?
Unfortunately, I think the problems are numerous and the answers are still few. From my point of view, these are the main obstacles to having less identity theft and fraud...
- Consumers opt for simplicity over security
- Data storage is decentralized
- Consumerization is driving adoption of insecure technologies "to support the users"
- Identity/Information protection has been pushed off onto banks/credit vendors
- Consumers still don't understand the impact of their information being stolen/compromised