At this years IASA Business Show and Education Conference I had the privilege of chairing a panel on what I believed was a critical topic for insurance enterprises, namely data security challenges for the insurance industry. Apparently others at the conference viewed the issue as important, too, since attendance at the session exceeded the registered roster by 25%. Imagine my surprise, then, when one of my learned panelists began bemoaning all the attention being paid to data security. His attitude - one I believe is increasingly being shared by many - was that people are tired of talking about data security, mostly because they believe theres not much they can do about it. Initially, I was tempted to administer a drug test or have my panelist walk a straight line to evaluate his mental competency. Then I realized that he was actually expressing frustration - his and others - about the undeniable fact that while lots of application developers and others are working on making data more secure, the good guys continue to be years behind those criminals and mischief makers who are crafting methods to penetrate systems from without, or within. Certainly, he and the other panelists agreed that enterprises should utilize firewalls, antivirus measures, rootkit detectors and other forms of perimeter defense against outside threats. They also concurred on the need to set policies to prevent data loss via lost or stolen devices, such as laptops. Yet the 800 lb. gorilla roaming our session continued to be a sense that we would never win this war. There is a concept in psychology that perfectly illustrates this state of mind. We call it learned helplessness. This state (demonstrated many times on the laboratory) comes about when animals learn over time that a certain action, say escaping from a cage, is impossible, so after many tries, the animals give up - even after the door is clearly open. That seems to be the paradigm operating here. Weve gotten so used to criminals finding ways around our defenses that we come to believe, at least in the backs of our minds, that defending the enterprise is ultimately an exercise in futility. To me, though, thats a bit like giving up in the NBA Finals because the other team has a 15-point lead on you at the end of the first half. Sure, you have a hill to climb in the second half, but you also have plenty of playing time to reach that summit. The point about learned helplessness, however, is that it operates in the background for the most part, so logical thought often has a hard time carrying the day. What really has to change is our fundamental view of data security. Instead of seeing it as a war to be won, we must see it as a necessary process that demands our continuing attention. No, we wont vanquish data loss completely - at least not as long as we retain our human frailties. We do, however, need to continue watching for that open door to our cages and to take advantage of every opportunity to make headway. To do otherwise to is to allow our data, our enterprises - and indeed our very companies - to crumble as we sit idly by. So please dont shut up about data security. Even the White House has enough sense to make it a priority, and its not often that we see good sense coming from that quarter these days. Remember, we cant completely win this battle, but we can completely lose it.
This story originally appeared on the Insurance Networking News Web site.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access