Security: How to Not Recover from Getting Hacked (A Loser's Guide to Failure)
With pervasive fears about terrorism, security threats have proven all too real. Our antidote to the doom and gloom? A guide for what not to do when you get hacked. So take a moment to learn from the mistakes that others have made. Because your chance to avoid these worst practices might be just around the corner.
Deny, Deny, Deny
Not admitting that you have a problem is the first step to not recovering. In a recent CIO survey of CIOs and other top IT managers, only 41.1 percent of the 600 respondents said they would know when their systems were under attack. Time and again, studies show that companies are simply not aware of security breaches.
"You’ll hear companies say, ’I’ve never been hacked,’ when what they really mean is, ’I’ve never detected that I’ve been hacked,’" says Bruce Schneier, author of Secrets & Lies: Digital Security in a Networked World, and CTO and founder of Counterpane Internet Security in Cupertino, Calif. Once a company starts monitoring its systems for intruders, he says, "they’re amazed at the amount of activity going on that they never had any window to see."
Then there are those pesky employees who retaliate after messy layoffs. In August, for instance, The New York Times reported on an IT executive who caused up to $20 million in damage when he sabotaged the computer systems of the New Jersey chemical company that had laid him off. Cases like that underscore the fact that the majority of security breaches are by insiders.
Your employees, on the other hand, are hardworking, loyal and honest. That must be why, in that same CIO survey, 34 percent of the respondents indicated that they don’t store critical data on a restricted or confined system, away from other company information that requires less security. In other words, once intruders are in, they can get access to anything and everything.
Panic!!!
On the flip side, there’s the tale of MIT. A couple of years ago, officials at the tech-savvy university reported that a hacker had altered grades in its computer system. The next day, they sheepishly retracted the statement, explaining that a teaching assistant had made a data entry error.
$firstKeyword



