Editor's Note: What If You're Under Attack And You Don't Even Know It? - InformationWeek
07:17 AM
Stephanie Stahl
Stephanie Stahl

Editor's Note: What If You're Under Attack And You Don't Even Know It?

Generally speaking, I hate "what-if" scenarios. Why waste time worrying about things that don't exist? Of course, the continued threat of terrorism has what-ifs swirling through my head all the time. I don't like it, but it's now a fact of life.

On a less serious note, allow me to throw out some harmless what-if scenarios. My friend Wayne has the PIN number for his ATM card written on the back of the card. What if I swiped his card and raided his account? I wouldn't keep the money, of course; I'd just try to teach him a lesson. Then there's Marcus, who has his computer passwords on a sticky note next to his PC. The passwords haven't been changed in so long that the note has long since lost its stickiness. What if I accessed his E-mail and sent out messages on his behalf? They wouldn't be harmful; just something to teach him a lesson.

I don't plan to do these things. But I'm trying to make a point. I've been writing a lot about moral and ethical behavior lately, and I don't mean to beat a dead horse, but there seems to be an increase of "it's for your own good" behavior in the business world these days. It's a philosophy that the Deceptive Duo espouses, if you ask me (see "Deceptive Duo Preys On Poor Security Practices", May 6, p. 28). Whether you agree with this kind of behavior is a matter of opinion. But are you prepared if one of them comes knocking on your network? And do you want potentially illegal activity to teach you the lesson? Senior editor George V. Hulme takes you into the world of hacker Adrian Lamo on page 22.

Let me give you some good news about information security. The number of business-technology managers reporting attacks by malicious or otherwise annoying viruses has declined dramatically since last year, according to our annual Global Information Security Survey (see p. 36). So have denial-of-service attacks and other intrusive behavior. Are preventative technologies getting better and business-technology managers getting tougher? Or are the virus creators and hackers getting less sophisticated? There's no doubt that many managers have bolstered their technology defense systems. That's in part because of several high-profile security threats (as well as the potential threat of cyberterrorism following Sept. 11). But it's not time to let your guard down. The threat of more targeted, sophisticated attacks looms large. What's worse, some companies probably don't even know when, or if, they're under attack.

Getting back to the what-ifs, I'll admit my disdain for such scenarios is, well, unrealistic. When it comes to information security, your best bet is to explore every scenario and react appropriately. What if you aren't prepared? What if Adrian Lamo decides to peek into your network? What if some bored college student thinks it would be fun to infect your company with a virus? Or worse, what if it's already happening and you don't even know about it?

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll