Lies We Tell Our CEOs About Database Security
South Carolina government executives' response to breach shows how non-tech leadership often views security through a distorted lens.
Beyond the raw statistics coming out of the South Carolina state government offices around a breach of its tax records that exposed the sensitive details of millions, Governor Nikki Haley and her non-technical senior executives have tried to dole out a measure of information about the breach and citizen credit remediation through a series of press conferences this week. A good faith effort to be sure, security pundits say, but one whose content may also hint at how South Carolina may have gotten in this mess in the first place.
As investigators continue to unravel the clues around the South Carolina breach at the state's Department of Revenue that exposed 3.6 million individual taxpayers' social security numbers, Haley announced more bad news on Halloween when she and her staff revealed that tax files around 657,000 businesses were also stolen.
While many details around how the hack went down are being kept under wraps due to law enforcement constraints, the governor and her staff have commented about the technical aspects of the breach. Some security pros argue that the messages and the tone set by these comments hint at a dangerous lack of education about database security and threats....