and Identity Protection in the Age of Cyber Security Breaches

Written by Alexis Castorina

Data breaches at large retailers and the government’s massive data mining of personally identifiable information, from average citizens to world leaders, are topics that continually make headlines. There is a fine balance between protecting consumers and businesses against security threats, meeting the need for national security, and respecting citizens’ privacy rights. Cyber security is an issue that has gotten a lot of attention in the last few years.

Higher Degrees caught up with Howard Schmidt, who is a subject matter expert on cyber and information security and served as an advisor to the Bush and Obama administrations, to understand what has been happening in this sector and how consumers and businesses can protect themselves against this growing threat. Schmidt has been described by former colleagues as one of the most respected names in computer security. Schmidt is currently Executive Director of SafeCode, a non-profit organization dedicated to increasing trust in information and communication technology through the advancement of software assurance methods. He collaborates with some of the largest information technology companies, such as Adobe, Intel and Microsoft. He also runs a consultancy business with former Bush Administration Homeland Security Secretary Tom Ridge called Ridge-Schmidt Cyber, a firm that helps leaders in business and government navigate the increasing demand for cyber security.

“Companies can do all they can [to protect consumers], but the way credit card systems have been designed and how we’ve been paying bills online for some time are not as robust as they should be, which is why we’ve seen some of the large retailer breaches,” he explained.

While complete protection is never a guarantee, consumers can take steps to protect themselves by limiting the amount of information they share online and on social media sites as well as how they shop online.

“It is recommended that if you do online transactions you use only one credit card for online transactions,” said Schmidt. “And make sure it is a credit card and not a debit card.”

He explained that while debit cards provide a tremendous amount of convenience, the risk of losing a significant portion of your assets and potentially not being able to recover them is too large, which is why credit cards are the recommended method for online transactions.

“If you’re connecting a debit card to your main checking account, which say had $10,000 in it, and there was a security compromise to the system, you could end up losing everything.”

Schmidt suggests that modifying certain online behaviors and information sharing is not about 100 percent protection, but rather reducing risks.

Not only do consumers have to be concerned with hackers accessing their personal and financial information online, but they are also now more aware of how their own government is using their personal information and data about their online behavior.

Since Edward Snowden, a former National Security Agency contractor, brought national attention to the topic by leaking top-secret NSA documents to major news publications, we’ve had an international dialogue about how the government collects the personal information of an international population.

Schmidt says whether people think Snowden is a hero or a traitor is irrelevant; the leak has fueled a discussion around this important topic.

“Right, wrong or indifferent it has created a new dialogue about what should be done, how it should be done, under what circumstances and also notification as to what’s being done. We’re never going to move out of that debate after this disclosure.”

He also explained the Obama Administration is moving toward a motto of “just because we can, doesn’t mean we should” in terms of how it aggregates massive amounts of information.

The debate about privacy unfolded in the 1990s and came from the corporate world, when the concern was less about how the government was using personally identifiable information and more about how companies were using consumer information for marketing and advertising purposes. After the terrorist attacks on 9/11 and the failure of the government to “connect the dots,” government surveillance has increased.

“After 9/11 there was the immediate and appropriate desire to see what could be used with technology and how we leverage it to better protect our citizens so we don’t fail to connect the dots again,” Schmidt said. “Since 9/11, we saw the use of this to protect us, but we also saw technology advance with email and social media. The intelligence agencies saw this as an opportunity to collect anything they could on everyone, even honest hardworking citizens who haven’t done anything wrong.”

With technology advancing so quickly, it can be difficult for cyber security tactics to grow at the same rate. As a result, job growth in homeland and cyber security fields continues to increase, and more schools are developing curricula and training programs to meet the growing demand from individuals looking to master this complex profession. For example, NCU offers specializations at the master’s and doctoral levels in computer and information security plus homeland security in response to the demand of business and government for security professionals who are trained in cyber-terrorism, computer forensics and computer security.

Schmidt reminds us that we can never be completely sheltered from cyber security breaches, but private citizens, companies and the government can be smart about protecting themselves as much as possible.

“Remember, it’s not about 100 percent security,” he said. “It’s always going to be about risk reduction.”