Wednesday, August 01, 2007

Worm vs Thief: Take Your Pick

At a recent security conference (as many mentioned, presentations are not even half the value of such events!), I had this eye-opening chat with a guy who manages security at a large "natural resource extraction" company (to avoid specifics ...). The conversation moved towards "data security" vs "IT infrastructure security," which I always thought to be a somewhat artificial distinction (they are kinda the same since the sole purpose of IT infrastructure is to process and move data around). However, for this guy the difference was very real; in fact, he said: "I'd rather have all my critical systems fell to a worm than have the details of my mining process stolen and possibly disclosed! We will go out of business the next year." I argued that surely his company has more assets and "crown jewels" than that, but he explained that there are key pieces that, if purposefully stolen, will cause the worst case scenario to manifest ...

This doesn't sound like a super-deep insight, but it is! Days of people shaking in their boots while thinking of the next ILOVERYOU and Slammer are over. Even though anti-malware defenses aren't perfect and worms are not truly dead (although less relevant), it seems that the threat can be considered manageable rather than overwhelming. Notice that "manageable" is not the same as "gone" or "non-existent."

However, data theft is very real, and that is what makes security managers of today shake in their boots (and those who don't - MUST! :-)): having your very key data stolen, sold, possibly disclosed and you - the guardian of such data! - not even knowing how and by whom. We can blab about how hard data classification and sensitive information discovery are, but just do this simple exercise (and consult with your peers, if unsure): theft of which piece of data will make your company go away?! Afterwards, go to the system where such data resides and make pretty darn certain that you log every tiny "fart" :-) that such system and all of its components produce ... You'd be glad you did - your employer's future and thus your job may depend on it!

Possibly related posts:

Dr Anton Chuvakin