1. There are hackers and always will be. They will always be 'smarter' than everyone else.
2. No average user can ever hope to 'secure' their personal data.
3. No corporation can secure data which can be accessed via a network; they can only secure some of it, some of the time, from some of the people.
4. We have created an internet which is unsafe. Users must either accept their money and data being stolen or not spend and lie when giving personal information on the web to protect themselves.
5. If your personal or financial information is out there it will be/has been stolen from someone who has it, and perhaps the smartest thief just steals it from the other thieves, so you'll never even see them.
6. Almost all of your activities and personal information are legitimately for sale to anyone who wants to buy them, from credit agencies, websites or even Google.
7. Trust is absent, only hope exists.
This doesn't mean we should do nothing, but most of what we currently do is wasting time and money on poorly designed processes, but at least they employ people and certainly spread the wealth around. Recognising that is the first step. Many have known this for some time. Saying that no amount of user education can change that is almost right, unless we turn everyone into the smartest hacker and that just isn't possible.
Many corporations employ pick-a-box security experts and what do they get out of the box? Pick a box of placebos. Unless you have an army of IT security experts running live 24/7 there is little hope of protecting your systems or even detecting an attack, let alone preventing one. As for the average user, they may just as well spend their money on happy pills.
The last-ditch effort of those without a plot is biometrics, which will be/have been defeated as fast as they are/were rolled out. The latest is sending a picture of my eye. Where do we go from there? My ass (a CSI episode on TV suggested everyone's bum is different and at least they are generally covered from view so perhaps there is some hope for biometrics - call it 'bumometrics'). I could spend my time telling everyone how these things can be defeated, but it is a waste of time, and doesn't really
Perhaps it would be easier to change the processes by which we do things rather than try and turn us all into internet security smarties, snake-oil placebo addicts or candidates for retinal/rectal photography. It hasn't worked so far, has it?
p.s. My wife says I am mean, but unfortunately it is the truth.