In the olden days we security folks used to point to two kinds of attacks, targeted and random. Because targeted attacks were deemed to be the subject of Clancy and le Carré novels, we quickly focused on so-called random attacks, i.e. viruses and worms. Unfortunately the threatscape has evolved while the technologies we deploy have not. This can lead to problems.
There is still some security in obscurity. If you are a lawn care or construction company without a website you are pretty safe from targeting other than from your employees, who, come to think of it, are a big concern as well. Let me put it this way - there is a spectrum of risk. Everyone has to deal with targeting from employees, contractors, customers, and competitors. On one end of that spectrum is the local Italian eatery. On the other end is…oh, let’s see… the British Government.
They have had their problems over at the British Ministry of Defense (BMD). A rash of laptop losses (thefts?) totaling 747 in three years, and 121 USB memory sticks gone missing in the same time frame. Yes, at least 3 of those had secret information on them. Remember the Top Secret dossiers left on the train in two separate incidents?

Now we hear that a senior aide in Prime Minister Brown’s cabinet has fallen prey to the oldest trick in one of those spy novels. (I can say oldest because it involves the oldest profession.) The name-withheld individual was approached at a disco and took a woman back to his hotel room. The next morning he had to report his Blackberry missing. Oops. Ye Olde Honey Pot trick. Works every time.
There is a lot of crossover lately between the real and cyber worlds when it comes to espionage. Using agents to steal Blackberrys is a classic hybrid attack. I find this unusual:
Last week it emerged that US intelligence and security officials were debating whether to warn business people and other travellers heading to the Beijing Olympics about the dangers posed by Chinese computer hackers.
I suggest the US State Dept. come right out and say it: Business and other travelers should take special care of their data when traveling to the Beijing Olympics in August. Oh, hey, never mind, I just said it.
Richard Stiennon is a security industry innovator. He is currently consulting, speaking and writing on all manner of security topics and has just announced the launch of Seccom Global, a Managed Security Service Provider focused on UTM. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Netrex, the world's first managed security service provider.