A headline in USA Today last week read: “Jakarta blasts puts spotlight on hotel security.”
In the same week, a headline on CNN read: “Twitter hack raises questions about ‘cloud computing.”
Why are these two headlines linked? It’s because they’re making sweeping assumptions about the consistency of security threats based on two isolated incidents.
Let’s start by stating the obvious: Security threats to all users regardless of sizes and geographic location exists across the Internet. Those threats come in the form of worms, viruses, Trojans, sniffers, keystroke loggers, botnets, lone hackers, hacker gangs, organized crime syndicates and hostile nation states. The number of malware unique and variant malware samples detected in 2008 exceeded 800,000. A PC is receives a hostile ping within 20 to 40 seconds of connecting to the Internet.
Given the diversity, scope and breadth of these attacks, it stands to reason that everyone is at risk, which is true. But just because these threats exist doesn’t mean that you will be attacked with the same intensity or suffer the same damage as the next person.
Now, let’s get back to the hotel bombing incident.
Malaysia, the world’s largest Muslim nation and the largest economy in Southeast Asia, suffered its first major terrorist attack last week when a group linked to al-Qaeda launched suicide attacks against two hotels in the capital, Jakarta. These hotels were fortified, meaning that visitors and guests must pass through a security checkpoint before entering the grounds and bags are inspected upon entering the building.
The fact that terrorists defeated these security measures has some people calling for an examination of security measures at hotels around the world. In much of the western world, people can drive right up to hotels, leave vehicles idling outside the main lobby, park cars in underground garages, and bring bags and crates into the building without inspection. While the threat is global, Western hotels are able to forego extraordinary security because they do not face the same threat level as their Middle East, Asia and South America counterparts.
The Twitter hack – much like major hacks again TJX, Monster.com, Ameritrade, AOL, ChoicePoint, Heartland and the numerous compromises of the Pentagon and NASA – are more than just random breaches, but rather targets of opportunity. They were both target rich (meaning that they had valuable assets worth stealing or compromising) and accessible, much like the Ritz Carlton and J.W. Marriott in Jakarta. The combination of those two elements makes targets such as these of high value to hackers (or terrorists). But that doesn’t mean that every high value target is being attacked or targeted.