After setting up my media centre over the weekend, I learned that my 10+ year old Harman Karman Soundsticks speakers just…stopped working when they were connected to my TV. They worked when plugged into my iPhone but not when I used the TV’s composite ports. In a fit of desperation I did a factory reset on the TV, figuring that if that didn’t resolve it then I’d just conclude that something happened to the TV during my move. However, post-reset, the composite ports are working. It’s entirely unclear what the problem really was or how the reset fixed the problem. But, at least I once more have decent sound for music and videos.
Canada’s Digital Privacy Act, passed by Parliament in June, will require companies to report breaches once regulations are prepared. But experts say it is essentially toothless because it contains few financial penalties.
The Act will introduce fines up to $100,000 for deliberately not reporting a breach.
“There’s the obligation to report, which is, of course, positive,” said Christopher Parsons, managing director of the telecom transparency project at the Munk School of Global Affairs’ Citizen Lab.
“But without any sort of punitive consequences you run into the question of how useful is the notification itself.”
There is little data on how secure corporate Canada truly is partly because of a lack of breach notification laws, Parsons said.
Without a financial imperative to beef up security, companies are unlikely to shell out the millions of dollars required to identify and prevent them, Parsons said.
“For most companies, security is a drag,” Parsons said, adding that executives tend to reject investment in cybersecurity, where concerns tend to lead to IT professionals saying “no” to a lot of ideas, while also eating up company time, money and resources.
“All those no’s either inhibit fast fluid business, or they increase the cost and the friction of anything a company wants to do.”
Meanwhile, hackers are getting more sophisticated, but they don’t even need to because the defence systems are so weak, Parsons said.
“If you’re a hacker, you have to succeed once; if you’re a defender, you have to succeed every single time.”
Jeffrey Carr has some amusing thoughts on transforming IT in corporate businesses from a cost to a profit centre. Just a taste of the humour:
The good news, or at least potential good news since no one is doing this yet, is that the undiscovered malware lurking on corporate networks potentially represent tens or hundreds of thousands of dollars in income for the corporation. And since it resides on the corporate network, it becomes the property of that corporation. All of a sudden, something that you’ve viewed only as a threat and an expense has become a valuable commodity thanks to the trend in selling offensive malware to government agencies.
One can easily imagine how his article, slightly reworked, would have made an excellent April fool’s column.