...I hope that your ears perk up. Mr. Clark has been in the tempest of security on many levels over the past few years. His experience working with four different presidents and the inner-machinations of the federal intelligence network has given him an authoritative perspective from which to view the legitimate threats that organized and motivated individuals can present to all organizations.
Now Richard Clark has come forward to push something near and dear to my heart, data encryption.
You can read the article for yourself but I have to point out this one comment by Mr. Clark:
"It's about what you don't know, or what you don't see or can't prove. Industrial and national espionage is happening daily on a massive scale. Your databases are being stolen and copied, and just because the evidence isn't in front of you doesn't mean it's not a problem."
That pretty well sums it up. People are losing data on a scale that they don't even understand. Criminal organizations are discovering that at an alarming rate. Malicious activity follows the path of least resistance for the greatest payoff.
Once organizations take this more seriously, the criminal components of our society (both one-offs and organized) will move along to easier prey.
It is unreasonable to expect this to go away until it becomes unprofitable for them. Thus, as more organizations push for higher standards of data protection, it will force those seeking the information illegally to look at an ever smaller subset of companies and institutions that do not have adequate data protection deployed. Additionally, those performing these invasions will hone their techniques to further perfect their processes.
The end result: the longer you wait, the more likely you are to be exposed.
Here's a little formula (let's call it Mongold's Formula of Data Vulnerability for narcissistic reasons) that I threw together to help represent this:
P = (Gb - Ga) * Ch+1 * t
P = Probability that an incident will occur
t = Time
Ga = The organizations that are increasing their security
Gb = The organizations that are not increasing their security
C = Criminal attempts
h = multiplier representing criminal learning curve
Thus, the longer you wait to protect your sensitive data, the fewer organizations will be standing with you and the more criminal attempts (which are becoming increasingly successful due to their experience) will be launched. Over time, this results in a much greater probability that you will be successfully attacked.
Yeah, that's oversimplified, but it hopefully helps explain why every organization should have a certain sense of urgency.
You don't want to be one of the last targets in the shooting gallery.
Michael Mongold