Most of us these days know not to open attachments from strangers (at least those of us who work at companies with proactive IS departments know this). We also realize that even when we do know the sender, we still shouldn’t launch an attachment we weren’t expecting without checking it out first. Only a fool would double click on a .vbs file or an .exe, right?
But what if the file is a spreadsheet from a fellow executive at your company? Who’d know not to open the document and get to work?
Executives at the global retailer profiled in Senior Writer Sarah Scalet’s story, “Outbreak,” didn’t. You can read their tragic tale beginning on Page 72.
This is an incredible story of high anxiety, suspense, heroic efforts, solid teamwork, stupidity (a user, of course) and villainy. If you like a good tale, you’re in for a treat?and if you’re the CIO of a large enterprise, you’re also in for the fright of your life.
The companion piece in this security package, “Break Glass, Pull Handle, Call FBI” (see Page 86), examines corporate reluctance to call in law enforcement following a network attack. Many executives are concerned they’ll lose control (the feds will sweep in, unplug computers and sweep out, never to be seen again); their plight will be publicized to the world at large; and despite all this, the perpetrator won’t be caught or restitution won’t be forthcoming. FBI spokespeople assure us they understand industry’s concerns, and they’ve made great progress in learning to work more cooperatively with the private sector. Whether you believe them or not is something you will have to decide for yourself.
Still, in a CIO KnowPulse Poll conducted at the CIO Perspectives conference in late April (see www.cio.com/knowpulse/ apr2001), a majority of respondents (76 percent) said that if they did fall victim to a cybercrime, they would indeed call the bureau. Fifty-three percent said they’d also call the local authorities, and only 17 percent said they’d call the Secret Service?perhaps not realizing that in addition to protecting the president and other government bigwigs, the Secret Service is charged with fighting financial and electronic crimes.
Cybercrime is on the rise, and odds are good it will affect you at some point. When it does, you should know what to do to protect the evidence and secure your organization from further damage.