In case you’ve not been following the news with regards to *government* breaches:
- White House computers hacked – Russia suspected
- US Postal Service hacked – China suspected
- NOAA hacked – China suspected
All three of these news articles released within the past few weeks. The reality is that our networks are being probed and attacked regularly. This isn’t a FUD (Fear, Uncertainty, and Doubt) post. Rather, it’s an awareness post. Typically you have to be aware of a problem to be able to deal with it successfully. Every first world nation is aware of the level of warfare that’s going on nowadays. However, when talking with folks who aren’t in IT security, I get a sense that most “regular” folks don’t. That needs to change.
The reason it needs to change is because part of what allows the attackers to be successful is our own ignorance and lack of action to take reasonable steps to tighten things down. By the way, none of this is new. There’s a whole host of books on the topic, like America the Vulnerable, which cover previous breaches… at least what’s been publicly reported. The amount and type of data that has been stolen is simply astonishing.
The attacks are not going to slow down. In fact, as we tighten down certain parts of our infrastructure, attackers are going to look for an easier way in. That’s potentially why the USPS and NOAA were hit. Also, nation state players are not going to stop at military and diplomatic secrets. Industrial and economic espionage is important, too. If I, as “Big Bad Nation,” can assist my own country’s industries by passing on the secrets my government operatives stole from other corporations, why wouldn’t I? After all, if I am already okay with sending attackers after those corps, I won’t have a moral conflict with sharing the stolen information with my countrymen.
Which all means we need to continue to be serious about security, seek ways to tighten things down that make sense, and in general become better educated and more aware. It’s easier to prey on an ignorant, unaware adversary than one who is watching and ready to fight back. That’s common sense. It behooves us to transform our organizations to be that aware and ready opponent.