In yesterday's post I remarked on the need for CIOs and CSOs to raise the INFOrmation SECurity threat level. (Okay, I didn't actually say that, but that was the implication of what I did say.) Why? Because times are tight and that puts a fresh edge on computer crime, data leakage, and plain old data theft.I also made the point that data theft was nothing new, something you can see for yourself if you Google the words data and theft and a year of your choosing. Serendipitously I chose 1985, and one of the results was this headline: "F-4 Design Data Taken in Theft at Parts Firm" from the Los Angeles Times, January 6, 1985:
"Computer cards containing sketches and design specifications for the F-4 Phantom jet fighter have been stolen from the Camarillo offices of a firm under investigation for alleged illegal shipment of F-4 parts to Iran, authorities said."
And wouldn't you know it, about an hour after yesterday's post I saw this story: Joint Strike Fighter secrets possibly compromised. Now, I should point out that this story does not say secrets were compromised, but it describes some less that stellar goings on at the Pentagon's Defense Security Service, which is apparently underfunded (like our soldiers in Iraq and Afghanistan and Walter Reed and Fort Bragg). There are three main points to note here...1. The human tendency to steal, for profit, or patriotism, or personal gain, is perennial.
2. You need controls in place to discourage, prevent, detect, and prosecute data theft.
3. Those controls need to be applied across the board, including business partners, however loudly those partners protest their integrity and innocence.
Management that ignore these three points do so at their peril.
No comments:
Post a Comment