And so we had a string of stories that consistently missed the point. And yet I am grateful for the invaluable public service they performed by making security matters big news and quite possibly prompting thousands, if not millions, of people to change and strengthen their passwords.
On the other hand, I am dismayed when real incidents go unnoted. For example, how much attention was paid to reports that card skimmers were operating in Walmart? Stories about that would have been a great opportunity to highlight the importance of using chipped cards or, even better, Apple Pay or Google Pay, for transactions whenever possible. There were also dozens of data breaches in the healthcare field. As always, there was no dearth of real incidents.
As long as I am pondering the failures of the media when it comes to security matters, let me go back a moment to the coverage of the Heartbleed vulnerability. Heartbleed was, and sadly remains, a major problem. It was widely covered, but the mainstream media focused on the idea that the foundation of the Internet was at risk. What they didn't do effectively was spread the word about what people can do to protect themselves, simply by changing their passwords. When that was mentioned, it tended to be an afterthought.
But I'll take what I can get. The cries of "Wolf!" about breaches that weren't really breaches seem to be effectively garnering mainstream attention for good security practices. As a security professional, I guess I should feel some satisfaction that users are being told to regularly change their passwords.
Nonetheless, I have the nagging thought that it would be even better to recommend that users implement multifactor authentication on their Internet accounts. At least I now know how to get the word out about that: Just make up a news story that every password in the world is at serious risk of compromise and the only thing that can stop it from happening is if people implement the free multifactor authentication that is available. Basically, it's the truth.
Sign up for CIO Asia eNewsletters.