High-profile businesses are being unfairly criticised for poor security when the real blame lies with their security solutions providers, according to the founder and CTO of search engine tech firm Simplexo.
"Over the last two to four years we've had countless failures," Simon Bain told Computing. "Global Payments earlier this year reported 1.8 million credit card [details taken], LinkedIn [had 6.5 million user details stolen], the list just goes on and on.
"Errors do occur, of course, and nobody's infallible. But in most cases, when I talk to organisations they say ‘Well, we used industry best practice, so it's OK'."
It was the late August 2012 ICO investigation of Tesco that, says Bain, made matters "come to a head".
"They're greengrocers – what do you know about IT security?" said Bain. "Why should they be slagged off in the press for having old security systems, when they spend many, many millions of pounds on people who should know better; consultants and organisations who come in and do their web services and banking services for them, all of which purport to be best practice just to excuse them?"
Bain questioned the nature of best practice at a basic level. "What is it? Who actually defines what it is? Who's checking it to make sure it still is best practice?
"It just struck me that people are using this to save themselves, while actually you and I the users are the ones getting our credit cards lost, or details stolen, and ultimately end up paying for it, rather than the organisation who put it in in the first place. That cannot be correct."