Memory Upgrade Time
2:35 PM -- Back in his days as a stand-up comedian, Steve Martin used to do a routine called "I forgot." "If you ever get into trouble," he advised, "just say, 'I forgot.' Like this: 'I forgot armed robbery was illegal.' "
Looking at some of Dark Reading's news stories of this week, I wonder if some IT people may be taking Martin's advice.
These are very different stories, but they all point to a common issue: IT departments sometimes forget, or ignore, important tasks that affect the security of their systems. In many cases, this is not surprising, because security is only one small part of what they do each day. A database administrator, for example, is much more concerned about adding new data than about securing what's already there. Marketing people are more concerned about adding new subscribers than about unsubscribing the old ones.
Yet, while "I forgot" may be an understandable excuse in some cases, it doesn't make security violations any less damaging. I'm sure somebody at TJX meant to get around to purging all of that old credit card data, but good intentions aren't going to get back all of the customers that the retailer may lose as a result of the breach. Likewise, end users who unsubscribe from a newsletter -- and then receive it again -- aren't going to accept "I forgot" as an excuse. They're going to label you as a spammer.
Bottom line: If you're a security manager, you not only have to be suspicious and tech-savvy, but also a pain in the ass. You have to remind users not to give out their passwords, remind top executives to include security in their product plans, remind IT people to update their servers and their access lists. You can't let them forget.
Because when it comes to data breaches, "I forgot" is no excuse.
Tim Wilson, Site Editor, Dark Reading