News
Commentary
7/5/2002
07:17 AM
Stephanie Stahl
Stephanie Stahl
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Editor's Note: What If You're Under Attack And You Don't Even Know It?

Generally speaking, I hate "what-if" scenarios. Why waste time worrying about things that don't exist? Of course, the continued threat of terrorism has what-ifs swirling through my head all the time. I don't like it, but it's now a fact of life.

On a less serious note, allow me to throw out some harmless what-if scenarios. My friend Wayne has the PIN number for his ATM card written on the back of the card. What if I swiped his card and raided his account? I wouldn't keep the money, of course; I'd just try to teach him a lesson. Then there's Marcus, who has his computer passwords on a sticky note next to his PC. The passwords haven't been changed in so long that the note has long since lost its stickiness. What if I accessed his E-mail and sent out messages on his behalf? They wouldn't be harmful; just something to teach him a lesson.

I don't plan to do these things. But I'm trying to make a point. I've been writing a lot about moral and ethical behavior lately, and I don't mean to beat a dead horse, but there seems to be an increase of "it's for your own good" behavior in the business world these days. It's a philosophy that the Deceptive Duo espouses, if you ask me (see "Deceptive Duo Preys On Poor Security Practices", May 6, p. 28). Whether you agree with this kind of behavior is a matter of opinion. But are you prepared if one of them comes knocking on your network? And do you want potentially illegal activity to teach you the lesson? Senior editor George V. Hulme takes you into the world of hacker Adrian Lamo on page 22.

Let me give you some good news about information security. The number of business-technology managers reporting attacks by malicious or otherwise annoying viruses has declined dramatically since last year, according to our annual Global Information Security Survey (see p. 36). So have denial-of-service attacks and other intrusive behavior. Are preventative technologies getting better and business-technology managers getting tougher? Or are the virus creators and hackers getting less sophisticated? There's no doubt that many managers have bolstered their technology defense systems. That's in part because of several high-profile security threats (as well as the potential threat of cyberterrorism following Sept. 11). But it's not time to let your guard down. The threat of more targeted, sophisticated attacks looms large. What's worse, some companies probably don't even know when, or if, they're under attack.

Getting back to the what-ifs, I'll admit my disdain for such scenarios is, well, unrealistic. When it comes to information security, your best bet is to explore every scenario and react appropriately. What if you aren't prepared? What if Adrian Lamo decides to peek into your network? What if some bored college student thinks it would be fun to infect your company with a virus? Or worse, what if it's already happening and you don't even know about it?


To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - July 21, 2014
Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud and overall innovation.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In this special, sponsored radio episode we’ll look at some terms around converged infrastructures and talk about how they’ve been applied in the past. Then we’ll turn to the present to see what’s changing.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.