Journal: Out of Touch with Reality I


Full Story Online

Lifestyle Hackers

Jim Routh and Gary McGraw examine why twenty-somethings skateboard right past security controls, and what it means for employers (i.e. you!)

November 02, 2009

The insider threat, the bane of computer security and a topic of worried conversation among CSOs, is undergoing significant change. Over the years, the majority of insider threats have carried out attacks in order to line their pockets, punish their colleagues, spy for the enemy or wreak havoc from within. Today’s insider threats may have something much less insidious in mind—multitasking and social networking to get their jobs done.

To get a handle on the growth of the lifestyle hacking problem, consider this: One Wall Street firm we’re both very familiar with estimated that 45 percent of all security incidents in the past two years were lifestyle hacks.

Example: Dylan had constructed a secure tunnel by exploiting a vulnerability in the company’s Web proxy, and he was connecting his workstation to his ISP at home. This allowed Dylan to watch pirated movies running on his home PC while he was streaming music from sites no longer filtered by the proxy.

Phi Beta Iota: Shades of CIA in the 1980s, when graduate students came in, saw the Soviet-era tools, and left. We recommend a full reading of the above article, for it cuts more deeply into the pathological divide between the top-down security idiocy of the past and the bottom-up sharing culture of the present than any we have seen. What the article does NOT tell you, which we learned from Vint Cerf and others, is that “insider attacks” of any kind are less than 10% of the problem overall–MOST communications and computing outages come from bad management, including storing back-up files in the same place as the system being backed up (fire and water kill both), and sticking with legacy systems too long (not switching out and upgrading every two years is tantamount to putting a 25 lb weight on an employee’s hands). CEOs today–and government CIOs–are completely out of touch with both reality and the promise of the digital natives they are firing instead of promoting.