Google, Facebook, Snap, and others of their ilk are reportedly better about security, and thus at least somewhat more trustworthy with your data, than outfits like hospitals and schools that try to use legacy systems and infrastructures with modern security measures. Recode sat down with the CEO of mobile payment outfit Stripe, Patrick Collision, who briefly went over how difficult it can be to secure legacy systems properly. According to Collision, the kind of systems in use at some places goes back multiple revisions over multiple years, making it extremely difficult to access with modern software. Others are using outdated encryption schemes, and still others are using software that just doesn't work right with modern OS' and hardware.
Collision pointed out that tech firms and newer companies don't usually have to deal with such complications, allowing them to be much more agile about managing their software and hardware stack, resulting in increased reliability and security. There are many that don't trust modern technology companies with their data, but Collision sang a different tune, saying that personal data residing in the older databases and hardware found in places like tax offices, schools, hospitals, and other older installations can be extremely vulnerable to theft or loss thanks to threats that even a modern consumer device, like a laptop or smartphone, would brush off, or exploits that have long since been patched up. For many of these legacy systems, upgrading anything would require decrypting or otherwise upending the entire system, upgrading everything while the data is in storage elsewhere, then putting the data back and forging new paths and calls for it. Naturally, this would also mean upgrading the software, and often the hardware, of almost every end terminal or thin client used by anybody in the organization, which could get expensive and time consuming in short order.
The interview was actually conducted before last week's record-breaking worldwide ransomware attack, which left countless legacy systems just like the ones that Collision spoke of in shambles. Things like that are just one type of disaster that can take advantage of lax or older security measures, but the damage done in this instance was not as bad as it could have been; instead of having data fall into the wrong hands, those who didn't pay up or manage to avoid infection saw their data encrypted, and eventually destroyed by the ransomware. Most businesses these days do have backups, but fresh-installing every affected machine or migrating to backup systems while awaiting a fix from malware experts left many businesses aground, including a big chunk of the medical industry in Europe. Sophisticated phishing attacks, brand new zero-day exploits, and exploits that require physical presence can all threaten even the most modern systems, but hardware and software makers are working toward helping to alleviate those.