We in the US have been getting our InfoSec pants pulled down and our lunch money stolen on the playground for months, years now. I’ve bitterly complained about the nation/state actors and the non-nation actors and our own government actors, with all the usual results of complaining.
We’d better get serious immediately, at the personal level, about security. When I first approached ISECOM I liked the idea that security should be the default, that it should be hard, in fact, to do unsafe things. But things like money, politics and entrenched interests have kept us from achieving the significant leap forward we’re going to need to secure our information.
Some means are available to us personally: using aliases online for social media accounts, for instance. But in other places our critical personal information is held by … our government, for instance. In not-very-secure ways. Which means that we get pwned when they get pwned. Which is often.
That’s a damned shame, because we do have the means to make security much easier, and much better. We just choose not to use them. Read my discussion here: