Raising awareness of potential security issues is a good thing
The release of a huge number of US diplomatic cables by whistle-blowing website WikiLeaks is already having a positive impact on the security world, by raising awareness of data protection and the damage that a leak can cause to a company’s reputation, Qualys CEO Philippe Courtot has told CBR.
In November last year WikiLeaks – in conjunction with The Guardian, The New York Times, El Pais, Le Monde and Der Spiegel – released the first batch of classified cables sent from US diplomatic missions back to the US State Department. The website was hit with a massive distributed denial-of-service (DDoS) attack and was also removed from Amazon’s servers. PayPal, Visa and MasterCard all stopped accepting payments for the site and its founder Julian Assange had his assets frozen.
In response supporters of WikiLeaks fought back. Headed by Internet activists Anonymous they launched DDoS attacks on the sites that had cut services to WikiLeaks.
Bradley Manning, the soldier allegedly behind the leaks, has been charged with, "transferring classified data onto his personal computer and adding unauthorised software to a classified computer system." As CBR described it recently, the leaks are, "purely and simply a case of inadequate internal information security".
The high-profile nature of the story will mean businesses across the world will examine their own data protection platforms, and that can only be a good thing, Courtot told us.
"WikiLeaks has highlighted to CEOs the important of eReputation. Whether you have been breached, or someone is saying bad things about your company or information is being leaked, that has an immediate effect with Internet distribution. CEOs and CFOs are now aware of that eReputation. Who do they go to? They are not the security experts, neither is the CIO. So they go to the CISO, whose reputation is elevated," he said.
"So WikiLeaks in a way is a godsend," he continued. "But at the end of the day it’s nothing more than another underscoring of the fact that information is now electronic and very easy to distribute. In the past if you were taking documents you had to steal them. Now you copy them. So now people have to be much more aware that electronic communication is vital and information can be stolen."
That awareness is already being felt at security vendors and end users, Courtot believes. He added that a move to a cloud-based infrastructure could in the long-term help improve data protection, but until cloud usage is more widespread leaks such as this may well continue.
"It’s already had a positive impact. People now realise they have to take this seriously. Everything is electronic and you have to be more prepared and protected," he said. "I believe the cloud is easier to protect because you have the data in one place, you can control the access. But at the moment we have the worst of both worlds – an enterprise environment which is almost impossible to secure and an immature cloud computing environment that needs to be more secure. It’s going to get worse before it gets better."