We’ve all heard about the recent LinkedIn hack that resulted in up to 6.5 million passwords getting stolen. This is another shining example of how high the stakes can be when it comes to corporate information security. The lesson that really resonates with me surrounds the risk of moving business-critical data to big web-based cloud SaaS services. I’ve mentioned this before, and it’s worth repeating.
I am not suggesting that LinkedIn’s systems aren’t secure. I’m sure they are. I confidently use LinkedIn every day. Most big cloud providers spend millions of dollars every year on security technology. The thing that strikes me as ironic is the fact that information security is like a good old-fashioned arms race between the good guys and the bad guys. There is an everlasting battle of one-upmanship; the hackers are constantly trying to prove they can outsmart the information security authorities … and vice versa. While this arms race is as old as modems and networks themselves, what has changed is the level of organization amongst the bad guys.
Hackers are crowdsourcing their talents and joining forces to pursue political, socio-economic, and often self-serving criminal ends. Groups like Anonymous have an ideological agenda that targets organizations like multi-national corporations and government agencies. Other, lesser-known and more nefarious groups are simply looking to steal. And the bigger an organization is with respect to its influence, the higher the likelihood that it will be targeted by the growing number of hackers out there. And it’s not just about stealing information … sometimes the hacker’s goal is simply to crash a website and disrupt business. In the case of a global organization like Sony, any lengthy disruption to online services will cost them dearly both financially and in terms of their reputation.
Like I said … The stakes are high. So what’s the point?
You need to think carefully about the organizations you choose to trust with your information. You need to remember that popular high-profile cloud and web-based service providers are also popular targets for bad guys. You need to realize that the frequency of these hacks will only increase as online services proliferate and the number of bad guys and wannabe cyber criminals grows. It’s not a matter of “IF” these organizations will get hacked … It’s only a question of “WHEN” and “HOW BAD”.