AOH :: ISNQ5937.HTM

Winkler: Grab Your Company by Its Proverbial Balls

Winkler: Grab Your Company by Its Proverbial Balls
Winkler: Grab Your Company by Its Proverbial Balls


http://www.csoonline.com/article/537463/Winkler_Grab_Your_Company_by_Its_Proverbial_Balls 

By Ira Winkler
CSO
February 10, 2010

A few years ago, I was called in by the CSO of a Fortune 25 company. He 
hired 4 of the best known companies that do penetration testing to find 
problems with their corporate network. All 4 companies came back two 
weeks and $100,000 later, and told the CEO that they had full control of 
his network. The CSO went immediately to the CEO, who basically replied, 
"I don't care."

The CSO then hired me to perform an espionage simulation. I came back 
within one week, and handed the CSO their mergers and acquisitions 
plans, their new technologies that were being released in three years, 
multi-billion dollar proposals, pictures showing how I bugged the CEO's 
office, and told him that I had full control of their entire network. 
The next week, the CEO raised the security budget by $10,000,000 and 
they hired security managers for all business units.

The reason that the CEO reacted that way is because I grabbed the 
company by their proverbial balls and squeezed. I showed him the pain 
related to bad security. A value was placed on the vulnerabilities and 
it showed the CEO that they had to be addressed.

I thought of this story as I read how Dennis Blair, the Director of 
National Intelligence, testified to Congress telling them how the 
Chinese hack of Google should serve as a wake up call. Frankly, while I 
admit that Google is a large American business, and the attack sounds 
outrageous, I have to reply, "I don't care."

In the grand scheme of things, China can hack Google, but the overall 
effects to the United States are rather minimal. Besides of the fact 
that you don't want to see any U.S. company being targeted by a foreign 
nation, the hack of Google really has no impact on the U.S. It is much 
more likely that the 33 other companies that were hacked by China during 
the same attacks, which of course don't get any press, pose a much more 
dire threat to the U.S. and its economy.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods