The latest news hitting the wire, the internet, the blogosphere and the social media circuit is the hack of the Apple developer site that was acknowledged by Apple. To no one’s surprise, this was followed by the typical shame and blame game. I don’t know about you but I am getting a little tired of the sensationalist reporting of the latest hack (ok, please forgive my tongue in cheek title), and the ”security professionals” playing Monday morning quarterback on how they would have done things differently. The reality is that everybody and every system is flawed in one way or another, whether it’s substandard people, processes or technology. Every system can and is likely to fail – Edward Snowden is a good example of how trust in people can blow up. Apple has really great security folks but guess what? They got hacked, and this won’t be the last time. So instead of playing the shame and blame game from our glass house, let’s take each new report as the motivation to increase our own vigilance.
Total security is not an achievable end state. Your security journey is about providing more visibility, additional control, and ultimately more resilience to attack. I applaud Apple for notifying their developer community and for proactively taking down the services while they investigate the breach. I think we are all too aware of how many organizations have little or no awareness if they have been hacked. And many organizations simply flounder during such a scenario. Now is not the time to say “I told you so”, that’s like berating your child for striking out… but guess what? Your child already knows it!