At this year’s
Apparently others at the conference viewed the issue as important, too, since attendance at the session exceeded the registered roster by 25%. Imagine my surprise, then, when one of my learned panelists began bemoaning all the attention being paid to data security. His attitude—one I believe is increasingly being shared by many—was that people are tired of talking about data security, mostly because they believe there’s not much they can do about it.
Initially, I was tempted to administer a drug test or have my panelist walk a straight line to evaluate his mental competency. Then I realized that he was actually expressing frustration—his and others’—about the undeniable fact that while lots of application developers and others are working on making data more secure, the “good guys” continue to be years behind those criminals and mischief makers who are crafting methods to penetrate systems from without, or within.
Certainly, he and the other panelists agreed that enterprises should utilize firewalls, antivirus measures, rootkit detectors and other forms of perimeter defense against outside threats. They also concurred on the need to set policies to prevent data loss via lost or stolen devices, such as laptops. Yet the 800 lb. gorilla roaming our session continued to be a sense that we would never win this war.
There is a concept in psychology that perfectly illustrates this state of mind. We call it learned helplessness. This state (demonstrated many times on the laboratory) comes about when animals “learn” over time that a certain action, say escaping from a cage, is impossible, so after many tries, the animals give up—even after the door is clearly open.
That seems to be the paradigm operating here. We’ve gotten so used to criminals finding ways around our defenses that we come to believe, at least in the backs of our minds, that defending the enterprise is ultimately an exercise in futility. To me, though, that’s a bit like giving up in the NBA Finals because the other team has a 15-point lead on you at the end of the first half. Sure, you have a hill to climb in the second half, but you also have plenty of playing time to reach that summit.
The point about learned helplessness, however, is that it operates in the background for the most part, so logical thought often has a hard time carrying the day. What really has to change is our fundamental view of data security. Instead of seeing it as a war to be won, we must see it as a necessary process that demands our continuing attention.
No, we won’t vanquish data loss completely—at least not as long as we retain our human frailties. We do, however, need to continue watching for that open door to our cages and to take advantage of every opportunity to make headway. To do otherwise to is to allow our data, our enterprises—and indeed our very companies—to crumble as we sit idly by.
So please don’t shut up about data security. Even the White House has enough sense to make it a priority, and it’s not often that we see good sense coming from that quarter these days. Remember, we can’t completely win this battle, but we can completely lose it.
Ara C. Trembly (
The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.
