continued from page 4
by perpetrators. What escapes
most of the general public is
that the cost of these losses
impacts every U. S. taxpayer.
It goes without saying that
the consumer-reported and
Medicare losses should be
considered the tip of the
iceberg. Actual unreported
losses are most likely 25 to 50
percent greater year after year.
The long-term impact on the
national economy is almost
beyond comprehension,
with the potential of
devastating results.
built and deployed. Unless they
are changed to a custom-built
system, he says, the general
purpose, mass-market
computing platforms will
remain vulnerable to continued
cyberattacks. Stafford also
notes that, by channeling
information to a small number
of federal agencies, this
centralized, top-down approach
handicaps pursuit of malicious
cyber activity. Part of Spafford’s
solution includes endorsement
of a Cybersecurity Czar,
combined with local extension
services, that would provide
education on which software
programs do what and how to
readily identify problems.
Spafford’s proposals have
considerable validity. In my
limited experience of literally
suffering through 10 platform
conversions and utilizing one
“selective” access platform, I
concur with his concept that
custom-built software is the
only sound approach to
cybersecurity. It is expensive
but, given the potential losses
that can occur using
“off-the-shelf” programming,
there is no better option.
The recent cases of
continuing penetration of
U. S. Government data bases
clearly indicate that outdated
Technological advances
systems, at both state and
available world-wide have made
federal levels, lack the capacity
fraud easier, faster and less
Given that the majority of
to securely interface with each
accountable than ever imagined businesses and individual
other. This will only increase
by the creators of the internet, decision makers are unqualified the risk of total exploitation of
software designers and
to select secure software,
individuals, businesses and
businesses, which have
multiplied and which compete
to provide customers with
quicker, easier, self-fulfilling
access to communication,
information and products.
With the continuing reports of
“hacking” and the vulnerability
of the internet, is there
anything that can prevent and
reduce these economic losses?
According to Eugene Spafford,
director of Purdue University’s
Center for Education and
Research in Information
Assurance and Security
(CERIAS), the expanding
software industry has been
built on the premise that flaws
can be “patched” and that this
“patchability” is a sufficient
substitute for sound design.
In Spafford’s opinion,
fundamental research is needed
to change the way software is
Continued on page 6
October 2015
5
The Credit Professional