Thursday, December 9, 2010

Wake up call from Wikileaks

The damage that Wikileaks caused is far more than just the leakage of classified information that governments all over the world do not want us to know. It also contains embarrassing information and behind the scene dealings that would have been best kept under wrap.

Stopping Wikileaks is even worse. It mobilized the under estimated group of social activists who are looking for a cause to raise havoc with establishments. Who would have thought that these people would be willing to self inflict with malware so that Denial of Service Attacks can launched from their own computers. That really is no different than a suicide bomber willing to destroy its own life or equipment to cause damage to others. Only difference is that equipment is cheap and can be replaced, while human life is not.

At this time, it is still too early to find out who these attackers are. Are they truly acting "for the cause" or are they just causing trouble for trouble's sake? I guess there are both.
As a private sector organization, should we be concerned with this?

I believe so. There are always others who do not agree with us. Whether they are willing to take these drastic actions is a matter of the level of animosity against us. But Wikileaks sympathizers have shown how easy it is to launch cyber attacks against a target. And there are plenty of willing participants with their own sense of self-righteousness.

Large organizations like Visa and Mastercard have adequate resources to partially stop these attacks, but how would a smaller organization responds if this happens to it?

Wikileaks has shown us two things: external cyber attacks live on at a fast and furious pace, but the long overlooked internal data leakage prevention is what caused this outbreak in the first place. 

It is time we look within our organization and revisit the importance of tightening information access. Every employee within the organization should also be aware of how damaging certain information can be. 

I'll follow up in my next blog with an actual incidence that happened to a small organization that I know and the damage it caused.

No comments:

Post a Comment