The Security Professional's Wish List for 2010
Now that the New Year is here and 2009 is behind us, here's a list of all the things I think infosec pros at financial institutions would like to receive in 2010:
Smarter customers - Can we have the ones who don't immediately respond to a phishing email, text message or phone call with their account information? I know we have to do more, but here's hoping that no one else will fall for those automated phone phishing calls. (I hate to think that P.T. Barnum was right when he said there is a sucker born every minute.)
Less phishing, less Ponzi, less fraud - Hmm, and how about world peace, too, while I'm at it? Seriously, fraud in all of its nuances is still with us, and we've got to start taking it seriously. The record number of phishing sites reported, along with the Ponzi schemes that have floated to the surface, makes me wonder if there is an end in sight to all of this.
More spending on smart security - which will come immediately after an institution's senior management realizes it's a valuable thing to have the ability to prevent data breaches rather than react to them after the fact.
Less red tape regulation - I know; we're always hoping that regulation will just go away. But if the really smart folks in the capital can't get this right in the next few months (not years), we're only going to see history repeat itself when it comes to the economic turmoil we've been through in the past two years. We need regulation -- just not the kind that wraps up our compliance officers until they can hardly breathe.
A national data breach law - that actually makes sense. This is being hopeful, but if it has some of the same strengths that California bill CA1386 does (which, for those who don't know, IS the original data breach notification bill), then we're going to see change. Otherwise, if it's too weak ... well, you know what happens then. Everyone will ignore it because it doesn't have teeth.
More jail time and fines - for the criminals who perpetrate cyber crime and fraud. The recent arrests of more than 100 phishers in the FBI's "Operation Phish Phry" showed that the winds of change are beginning to blow when it comes to international cooperation among law enforcement. Albert Gonzalez's pleading guilty to the Heartland data breach and other crimes is also a sign of the future for criminals. The long arm of the law will now be reaching over national boundaries to pluck them up and slap them in cuffs.
What's on your list?