Making the Case for Security

Major corporations have made serious mistakes with information security recently, resulting in spectacular failures to protect business and customer records. After years of warnings, why do so many businesses still fail to deal properly with this issue? Eugene H. Spafford, a professor of computer science at Purdue University who frequently advises government, law enforcement, and big companies, has some ideas. He spoke with technology journalist Brian Krebs for Technology Review.

TR: You recently testified to Congress about the Sony breach, which appears to have happened after the company ignored warning signs about holes in its PlayStation network. How does an organization as big and as technologically advanced as Sony fail so massively on security?