


by Roy Harris

Can Corporate Hacking have a Bright Side?

Mar 05, 2012 (2 mins)
Data and Information Security, Intrusion Detection Software, Security

Well, maybe. But only if one particular case of cybercrime finally wakes up risk managers, and gets enforcers on the stick.

Can there be an upside to the proliferation of computer hacking episodes that is so bedeviling companies? This year’s Stratfor case — in which the geo-political analysis firm’s website was hacked and 75,000 Stratfor subscribers had credit-card and other information made public — seemed to be a low point for companies fearing cybercrime’s worst.

A Monday New York Times article, though, claims that, even now, “There’s a Bright Side to Being Hacked.”

No, it’s not that the work of hackers is finally being turned on the masterminds themselves — something that recently arose in a new twist for supporters of the cybercriminal group called Anonymous.

Rather, the Times article suggests that hacking at last has gone too far — and that the Stratfor case has managed to “raise the alarm about the unguarded state of corporate computer systems.”

Certainly, reports are now giving more details about corporate vulnerabilities — password policy weaknesses, for example, and the hacking modus operandi that involves getting company employees to click on a rogue site.

“Anonymous is a wake-up call,” in the words of Booz Allen Hamilton SVP Roger Cressey. And companies that feel they’re safe are “in complete and utter denial.”

Okay. Wake-up calls that alert us to serious problems are good things. (And during a hack attack is definitely not a good time for corporate security to be oversleeping.)

But rather than parse good news from Stratfor’s experience, it might make more sense for risk managers to steel themselves by drawing on the words of FBI chief Robert Mueller, also quoted in the Times article. “There are only two types of companies,” he said in the RSA conference keynote, “those that have been hacked and those that will be.”