(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 8th, 2009

Just How Important Is IT Security?

Cited from article HERE

Well, interesting little graph huh? Can you see the trending here? It seems that the corporate world STILL does not really “get” the whole idea of “Information Security” and its importance in this day and age. I still cannot fathom these numbers! How in the hell with all the hacking, industrial espionage, and outright theft going on out there today do they NOT get it and see INFOSEC as a real important commodity?

Sure, having information security can be costly, especially if you have done NOTHING to secure your data, your clients’ data, your IP, whatever you hold dear and MAKES YOUR MONEY FOR YOU! But, uhh, if you LOSE that data, you lose your REVENUE STREAM you morons! Why? Why do you NOT get it out there, corporate America?

What’s that?… You say it’s too hard? You’re too fat and lazy?

Oh… Yeah… I forgot for a second there.

I have said it before but I will say it again. Human beings are incapable of really sensing and avoiding long term tangential ideas of danger. It would seem a concept clear enough that there are people and state actors out there who want to steal your data for their benefit. Why then is this such an arcane concept when any of us in contracting as infosec warriors try to get this across to the “C” levels on down in any random corporate entity?

Is it because they just can’t get the concepts of computing? Sure, there are some Luddites (ok, many really) so sure, they get that glassy-eyed look and tune out. However, if you boil it down to:

“I just stole 20 million dollars from your bank! This is how and why.. I can help you fix it this way.. Please do these things”

and they don’t want to fix the issues or claim they are too “costly” to implement, well then, you have a recipe for another economic meltdown on the macro scale. I have personally seen this in action many times, but the quote above actually happened. To the credit of the CEO though, he told the naysayers in the board room to pay attention because he truly saw the implications of what I had done.

Now not all of these security issues just stem from “ninjas” hacking the “Gibson” and this is where I really pop a blood vessel with corporate America. MANY of the issues that need to be addressed for security’s sake are low level and should be SOP for any company. It’s called “Best Practices” and you can get them in the ISO 7799 documentation. These involve the basics of “classifying data” and having “Policies and Procedures” in place and enforced. This is not rocket science! Why do they so often fail at even implementing these?


That’s how I see it. Not only are humans poor at determining long term threats, but they are often mentally lazy today. As a whole the picture portrayed by the movie “Office Space” is a true one. How many of you out there have “Ass Clowns” running the show at your office? Many I am sure. In all my years of consulting, rarely did I see a place with their shit together. All too often also I got called a “Bob” because I came around asking questions about what they do and how they do it. You could smell the fear.. Hell, I made an HR lady cry once! The irony of it? I wasn’t even trying to be SCARY!

So, here we are… The economy is melting like a thermite grenade has been placed on the engine block. The state actors are getting more and more adept at hacking our systems and insinuating “industrial spies” in record numbers at our firms, and the government can’t even keep a “Cyber Czar” for more than a month as they keep quitting!

(As an aside, please read “Why The Hell Was Secret White House Helicopter Data Found On A Computer In Iran?” too. This is an excellent article on the MARINE ONE escape that ties back to my screed on security basics: government as well as government contractors should be spanked for not following basic security processes.. Leading to an escape of epic proportions)

I give up.. I can only cry out in the howling storm so long before I just get too hoarse and clam up.

Ladies and gents.. Start digging bunkers and loading up the ammo, MREs, and other necessities. Cuz, I expect “Thunderdome” any day now.