Thursday, May 1, 2008

Tough Times and Threat Levels: New wave of infosec issues:

Protecting information, and the systems that process it, is part science, part art. There is no scientifically established correlation [that I know of] between economic conditions and security breaches, but commonsense tells us that the temptation to steal, cheat, defraud, or simply fudge a little, can be greater when times are tough. Witness the Lending Tree case. "Several former employees of LendingTree are believed to have taken company passwords and given them to a handful of lenders who then accessed LendingTree customer data files."

Do such things happen in good times as well as bad? Sure, but I think the human mind is better able to justify certain acts, like data theft, when people are haunted by fears of foreclosure, bankruptcy, gas lines and food lines. And make no mistake, while stealing a loaf of bread might seem the most direct answer to the threat of hunger, data theft is an increasingly viable alternative when a desperate person needs money. Indeed, from an INFOrmation SECurity perspective, one things that makes the current economic downturn different from previous cycles is the existence of a thriving underground market for purloined data, on top of the ever-present market of unethical employees and employers.

When I was researching my first computer security book in the 1980s there was no shortage of examples of bad behavior involving data (e.g. "2 Arrested in Theft of DMV, Credit Data by Alleged Ring" LA Times, December 11, 1985; "Alleged Data Theft by AT&T Probed" Dallas Morning News, November 19, 1985; "Two Arrested in Theft of Customs Computer Data" Miami Herald, July 20, 1986, etc.). Two decades later there is a lot more data stored on computers, a lot more ways of stealing it, and a lot more ways of selling it. Consider:

New SQL attack methods are discovered.
New SQL attacks launched.
New methods of defeating disk encryption publicized.

These threats are real. These are not security experts crying wolf to drum up business. The need to batten down the hatches is greater than ever.

No comments:

Post a Comment