• United States



iPhone Hacked! iTold you so!

Jul 23, 20073 mins
Data and Information Security

My dear loyal readers, join me as I bask in the glory of being right.  Slashdot has posted an article claiming that “independent researchers” have exploited the iPhone.  Specific details haven’t yet been released, but information is to be made public at DefCon in a few weeks.

I am an Apple fanatic, but the elitist attitude that Jobs’ crew has taken towards security has frustrated me for quite some time.  Well it appears that the Apple has had a pretty big bite in the Granny Smith on this one.  What the hell were they thinking?  You can’t thumb your nose at the bad guys and at the same time ignore the structure that will keep the bad guys out.   Apple has to realize that as an organization it is much too big a target to avoid hits from the bad guys any longer.  If Apple is to maintain is growth rate it must embrace security as an important piece of that success.

How many CEOs, CIOs, and executives will depend on Apple if they can’t even build a secure cell phone?  Once you’ve lost the top layer of the organization, you can count yourself out of the fight and probably for good.  Any executives out there reading this, take it to heart.  You aren’t in Mayberry any more.  The internet has transformed Mayberry in to New York, Beijing, and Brussels.  You can’t leave your door unlocked and you can’t ignore information security.  If you intend to compete in a connected world you have to think about business in a whole new way.  Don’t think your connected or that your business isn’t dependant upon the internet?  Try doing business without it.  Oh, and by the way that means your suppliers and vendors can’t use the internet either.

How do you think your business will fare now?  (… imagine hearing crickets chirping…)

Lets face it, and this goes for you too Apple, we are in a new world and it’s time that we wake up and smell the mocha latte.  Information security MUST be considered, planned, and implemented if we want our organizations to succeed.  Has Apple learned it’s lesson with the iPhone?  Probably not.  It won’t be until we as consumers begin demanding secure products that our vendors will make the move towards providing them.  Being that Apple has a relatively small footprint in corporate America, the iPhone issue most likely won’t be the driver that moves them to change how they consider security.

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.