Small business owners need to go to school on enterprise landscape vulnerabilities.
Editor’s note: This is part one of a two-part series.
Ah, security. It is a slippery and fast-moving intangible that both eludes and evades.
The encryption-based security on Apple Inc.’s iPhone devices has been a popular subject among the FBI, Apple, tech companies, and the public, as the mobile device vendor has been unwilling to help the FBI break the encryption on iPhones used by criminals. Elsewhere, the communications implemented between Nissan’s Web servers and its Leaf electric cars were woefully inadequate, allowing a security researcher to control key systems on a car that was not his, in another country.
IT executives should understand the underlying issues surrounding these events, including the potential legal and data protection consequences of exposed endpoint devices and encryption backdoors.
The inadequacies of enterprise security
The inadequacies of enterprise security are well known and the subject of frequent reference and concern, but updated statistics help clarify the magnitude of the issue.
The cost to businesses of known cyber-attacks is an estimated $400 billion to $500 billion a year. Attack levels rise each year and most incursions still remain unreported. The $77 billion spent to protect industries in 2015 did not protect against some of the better-known breaches at Home Depot, the Office of Personnel Management (OPM), or Target.
Issues related to security management and response are most frequently the cause for exposure, as corporations often lack proper governance, patching and rapid response mechanisms. In stark contrast to these unfortunate facts, the current issues surrounding Apple iPhone security have to do with the U.S. government’s complaint that Apple’s encryption is too good.
FBI/Apple Fight Over Encryption
U.S. federal and state governments have compelled Apple to unlock iPhones in at least 12 cases since last September. Apple has refused to assist despite being ordered to comply.
One of the two shooters in the San Bernardino, CA, case, in which 14 people were killed and many others injured, brought the issue to light. The FBI claims it is unable to access information on one of the shooter’s iPhone 5Cs without the company’s assistance.
While a federal magistrate ordered Apple to assist with the issue, a different magistrate ruled against the government in another unlocking case.
The company likely believes that a larger federal ruling will be needed to resolve the issue. Support for Apple and encryption has streamed in from companies including AT&T, Facebook, Google, Intel, and Microsoft in government filings.
The ACLU and several prominent security experts have also lent their support to Apple via amicus briefs.
Next: The core of the iPhone’s “auto-erase” security
About the author
Mr. Braunstein serves as Chairman/CEO and Executive Director of Research at the Robert Frances Group (RFG). In addition to his corporate role, he helps his clients wrestle with a range of business, management, regulatory, and technology issues.
He has deep and broad experience in business strategy management, business process management, enterprise systems architecture, financing, mission-critical systems, project and portfolio management, procurement, risk management, sustainability, and vendor management. Cal also chaired a Business Operational Risk Council whose membership consisted of a number of top global financial institutions.