Is the Future of IT Security In Espionage?
Information technology is the lifeblood of innovation and progress for the individual, the home and the enterprise in the 21st century. It’s unfortunately also the prime target of self-proclaimed "hacktivist" organizations like Anonymous and LuLzSec, who hack into databases, websites and servers to steal and expose confidential information on the web.
Companies and organizations that have suffered recent high-profile attacks include the Ultimate Fighting Championship (UFC), for its support of the now-defunct Stop Online Piracy Act; and the FBI, for shutting popular file-sharing site MegaUpload. The assault on the FBI is of particular concern, as Anonymous was able to intercept a confidential recording between the FBI and Scotland Yard on fighting cybercrime, which it promptly released to the masses on the Internet.
So what does this mean for your business? It means that the stakes of IT security have just been raised. It might be easy to presume that only large organizations are at risk, but that’s not necessarily true. Networks can easily be hijacked and repurposed in a botnet attack without an organization’s knowledge. And with the hacktivist movement growing in numbers, there’s no target too small once it sets its eyes on a victim. Especially for businesses that handle sensitive customer information in industries like healthcare and finance.
All of this anxiety about IT security prompted Dan Blum, a research vice president at Gartner, to wonder if confidentiality was dead and if IT espionage was on the horizon.
Creativity will be essential if the nexus of forces coupled with an ever-more challenging threat and regulatory landscape really brings the end of confidentiality as we know it. I recently heard the CISO of a large financial institution muse about “What we would do if all our controls still prove ineffective against the threats?”
He spoke of then using business and information management techniques in the realm of espionage — counter-intelligence, deception — consciously and systematically varying the timing, audience, completeness, and accuracy of information flows, watching what happens, and adapting. This is not actionable yet — no more than a thought experiment. But could it represent the shape of things to come in the not too distant future?
The U.S. military is already preparing for a cyberwar, but what would it look like in the enterprise?