What is the probability of a baseball player hitting a home run? According to Wikipedia:
Mark McGwire possesses the MLB record [as of 2013] … with a career ratio of 10.61 at bats per home run
That’s 9.43%, at best. What are the chance your organization being hacked? For most of you, damn nearly 100%.
“Oh no” you might grumble, “no one would bother hacking us, we’re just a small company doing <fill in your business>.” But consider today’s revelation that the employees of the St. Louis Cardinals baseball team hacked into the Houston Astros network and stole data on personnel, scouting records, and private team statistics. This points up that hacking is easy and that most organizations’ networks aren’t set up to detect infiltration and defend their assets.
The New York Times pointed out:
The attack represents the first known case of corporate espionage in which a professional sports team has hacked the network of another team.
Sure, it’s the first known case but you can pretty much bet on the fact that it isn’t actually the first case because espionage has always been part and parcel of business.
But in pre-Internet days, committing espionage required physical action; for example, someone would have to photocopy sensitive data or steal physical documents and then have to carry the paper out of a building. The physical constraints - people in the same location as the data, actual paper to transport - generally made large scale loss much less likely. Today, when anyone with barely moderate computer skills can remotely access an ostensibly private database and copy millions of records in a few seconds, things are very different.
There are two things that make this new reality really dangerous. The first is complacency, the belief that you aren’t a target when, in fact, everyone is a target. The second is the willingness to sacrifice security and integrity for ease of use in the mistaken belief that productivity might suffer or people will be unhappy having to follow a more rigorous network access protocol.
We are in the Age of the Hacker whether we like it or not and unless we - by which I mean you - get our **** together and start getting serious about our (your) security hackers will be able to hit a home run every time.