Wikileaks Exposure Points to Bigger Data Security Problems in 2011

I was in DC recently and was looking at some WWII memorabilia that was used during the 1940’s to reinforce the importance of information security. While there were no modern computers, cell phones, or even Internet during this time, the government worked hard at providing end user awareness. There was great emphasis placed on how individuals should conduct themselves to prevent inadvertent disclosure of information to the enemy. One example of this is a poster from that era that stated, “Loose Lips Sink Ships.”

Did this previous generation “get it” in a way we don’t today? Were the concepts of need to know, least privilege, and separation of duties somehow different then?

According to the Identity Theft Resource Center, there were about 450 data breaches in 2009. 2010 doesn’t look to be shaping up much better. From news about data breaches at McDonald’s, Walgreens, and Gawker to WikiLeaks, the reports of exposed personal data are almost daily occurrences. It’s a sad fact that many times the controls placed on electronic information are simply not sufficient.

In the Gawker attack, cyber criminals stole about 1.3 million usernames and passwords. While these passwords were encrypted, the usernames were not, and weak encryption allowed many of the passwords to be broken quickly. In another example, news reports have stated that Bradley Manning, the suspected Wikileaks source, admitted that the cyber security environment at the military base made it easy to smuggle data out. According to Manning, “I would come in with music on a CD-RW, erase the music then write a compressed split file.”

Will 2011 herald a change in that both government and private firms make a bigger push to secure sensitive data, or will these events just be a speed bump along the road to continued information leakage? It’s time to realize that while we are no longer in the 1940’s, there’s something to be learned from the previous generation about the control of sensitive information.
