There's No Such Thing as Ubiquitous Security

By Lawrence Walsh  |  Print this article Print


Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers

BLOG: What does the Indonesia hotel bombings and the Twitter hack have in common? The public calls for broader, more stringent security. Incidents like these are often followed by chatter about widespread vulnerabilities and imminent threats. But we shouldn't race to lock down every potential target or avenue of attack. As Frederick the Great said, "He who defends everything defends nothing."

A headline in USA Today last week read: "Jakarta blasts puts spotlight on hotel security."

In the same week, a headline on CNN read: "Twitter hack raises questions about 'cloud computing."

Why are these two headlines linked? It’s because they’re making sweeping assumptions about the consistency of security threats based on two isolated incidents.

Let’s start by stating the obvious: Security threats to all users regardless of sizes and geographic location exists across the Internet. Those threats come in the form of worms, viruses, Trojans, sniffers, keystroke loggers, botnets, lone hackers, hacker gangs, organized crime syndicates and hostile nation states. The number of malware unique and variant malware samples detected in 2008 exceeded 800,000. A PC is receives a hostile ping within 20 to 40 seconds of connecting to the Internet.

Given the diversity, scope and breadth of these attacks, it stands to reason that everyone is at risk, which is true. But just because these threats exist doesn’t mean that you will be attacked with the same intensity or suffer the same damage as the next person.

Now, let’s get back to the hotel bombing incident.

Malaysia, the world’s largest Muslim nation and the largest economy in Southeast Asia, suffered its first major terrorist attack last week when a group linked to al-Qaeda launched suicide attacks against two hotels in the capital, Jakarta. These hotels were fortified, meaning that visitors and guests must pass through a security checkpoint before entering the grounds and bags are inspected upon entering the building.

The fact that terrorists defeated these security measures has some people calling for an examination of security measures at hotels around the world. In much of the western world, people can drive right up to hotels, leave vehicles idling outside the main lobby, park cars in underground garages, and bring bags and crates into the building without inspection. While the threat is global, Western hotels are able to forego extraordinary security because they do not face the same threat level as their Middle East, Asia and South America counterparts.

The Twitter hack - much like major hacks again TJX, Monster.com, Ameritrade, AOL, ChoicePoint, Heartland and the numerous compromises of the Pentagon and NASA - are more than just random breaches, but rather targets of opportunity. They were both target rich (meaning that they had valuable assets worth stealing or compromising) and accessible, much like the Ritz Carlton and J.W. Marriott in Jakarta. The combination of those two elements makes targets such as these of high value to hackers (or terrorists). But that doesn’t mean that every high value target is being attacked or targeted.

>> Click here to read more

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...