Our Silence Is Hackers Greatest Ally

Consider the results of another survey from Ernst & Young, New York. The company talked to some 56 North American banks and insurers and found that only 38% of those asked rate themselves as "adequate" or better in their ability to secure critical information from a malicious attack or disaster. In fact, 30% of the respondents describe their ability to identify information system vulnerabilities as "marginal" or "inadequate." Now that is frightening.

"The risks are increasing and as the vulnerability and threats increase, organizations have not been able to stay up to speed in addressing them as effectively as they would like," comments William Barrett, partner and leader of E&Ys Technology & Security Risk Services Group. The solution, he adds, is not necessarily spending more money on security but doing a better job at "prioritizing" security risks and spending in the areas of highest priority.

When a companys systems are breached, however, a conspiracy of silence is the hackers best friend. When a company is mum, law enforcement loses what could be valuable information about the cyber-criminal. The hacker is able to continue his dirty work safe in the knowledge that more than 40% of the victims will never report the crime. The victims, meanwhile, publicly live the lie that their systems are impregnable. But all the while they are doubly fearful of further attacks.

Microsoft recently announced $5 million in rewards for information leading to the arrest and conviction of those who launch viruses and worms on the Internet. Hackers often use such malicious code to gain access to and/or control targeted computer systems. One could view this announcement as a publicity stuntand that view may be justifiedbut it is a step in the right direction. It is an attempt to get people to open up and share information so cyber-criminals can be brought to justice.

When it comes to fear of a cyber-attack, we can rightly cite one of the most famous remarks on the subject, from Franklin Delano Roosevelt in his 1933 inaugural speech: "So, first of all, let me assert my firm belief that the only thing we have to fear is fear itselfnameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance."

I think FDR says something very important here. Fear that "paralyzes needed efforts to convert retreat into advance" is just what most of the "silent 41%" suffer from. To save what they view as their potentially tarnished image, such companies will stay mum and allow the criminals to have still greater successes.

On the other hand, fear that motivates us to positive action is a blessing. Just ask those pigs in the brick house.

Its not easy to admit that your systems have been cracked by hackers, but in this age where such incidents are now commonplace, its not a damning indictment either.

To quote the same FDR speech again: "This is preeminently the time to speak the truth, the whole truth, frankly and boldly." When we can bring ourselves to share information openly with authorities and othersand realize we are fighting a common enemywe will turn the tide in the fight against cyber-criminals.

As a very wise man once said, "The truth will set you free." Report your breaches and help catch a hacker today.

Reproduced from National Underwriter Life & Health/Financial Services Edition, November 21, 2003. Copyright 2003 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.