A recent news report got me to thinking. The report involved a claim that an Israeli “cyber unit” was responsible for a computer worm that attacked Iran’s Bushehr nuclear power station. The intent is to disable Iran’s nuclear war-making capacity and direct threat to Israel.
Israel is on record: Stating that it would be willing to mount a pre-emptive strike of this nature, in ensuring its own safety and continued existence. Therefore, it is not a stretch to surmise that the worm might be their work.
Not to discount issues involving mortal enemies whatsoever – but the story got me to thinking about something a little more local: What if business rivals, in the course of (comparatively) routine and mundane matters, decided to mount a cyber attack on a business competitor? Much more likely: What if it were a rogue employee who decided to take down a competitor? Or perhaps more likely still, what if a rogue former employee decided to mount cyber-war on his or her former company? All of this is not only within the realm of risk and possibility; indeed measures of these things have happened.
In the realm of risk (all together now), unmanaged possibilities become probabilities. And, left hanging, probabilities always manifest.
As I state in my book, I.T. Wars, an effective internal check-and-balance on unreasonable actions diminishes rapidly as the size of a considered group diminishes. Thus, smaller organizations, comprising small and medium business (SMB), may lack awareness, training, and oversight in catching trouble as it brews…
Or – governance in some unscrupulous organization may simply decide that it can get away with wreaking havoc on a rival (you wouldn’t believe what I observed when I was a car salesman back in my youth; I’m glad that I never, ever, ever, did anything nefarious – at least, that’s my story). To think that today’s, and particularly tomorrow’s, shenanigans won’t involve cyber manifestations is to be quite naïve.
What does this mean to us now? It is easy enough to mount virus attacks against entities – and to mask the origins of the attack. With ever more resources in The Cloud, and thus with fewer “brick-and-mortar” physical protections, organizations today must guard against attacks from a variety of potential origins, and from any number of directions – and those directions are leveraged via an exploding array of wired and wireless means.
Train your staff. Make known general prior prosecutions of individuals who have mounted attacks – there’s nothing wrong with that. Have your security personnel spec’d up-to-the-minute, and have them apprising your staff on a schedule that supports your comfort: monthly, quarterly, semi-annual training –
Security for 2011 and beyond: Get it going – get it improved. Get it delivered.
NP: John Coltrane, The Stardust Session, on LP.