Add Sony Pictures to the growing list of companies to experience a major network intrusion within the past year. As of this posting, the organization hadn’t released a statement, so the details remain sketchy, but it appears its website and systems were hijacked by the so-called “Guardians of Peace.” A message threatening to release company secrets accompanied the attack and several unauthorized movie releases may be related to the intrusion.
Based on the Sony incident, the FBI released a rather daunting five-page, confidential “flash” warning to U.S. businesses. According to Reuters, the report suggested that, “The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods.” Virtually every organization is dependent on its information system, and the threat of an attack — not to mention the financial damage it could do — is frightening.
While many hacking incidents may not expose sensitive data or critically impair a business’ operations, they should still be cause for concern. For example, someone uploaded several expletive-laden messages to two of the Indiana Department of Transportation’s electronic road signs over the weekend. This situation mimics one from May when drivers in San Francisco were warned of an imminent Godzilla attack using the same methods.
While the sign hacks were somewhat humorous and fairly harmless, other than the distraction they created, they highlight the vulnerabilities of our emergency communications systems. For instance, a hacker could easily divert commuters from a busy freeway to create massive traffic jams, or change the message to warn of an impending natural disaster, sending people into a panic. In a similar fashion, these systems often control traffic signals and other emergency lights that a miscreant could shut off or alter.
These are all issues that have to be addressed by state and local authorities, as well as construction and engineering contractors who utilize these systems. Whenever and wherever computers are controlling a process, someone needs to ensure the system is secure — no matter what size the organization is. From the mom and pop corner store to the Fortune 500, no business or nonprofit is immune.
Fueling Fear is Counterproductive
Your clients may have a lot of anxiety based on all the latest security news, from the local pranksters tapping into construction signs to the latest prospective North Korean cyberattacks. Their concerns are real, but business owners don’t need their IT partners stoking those fears. They need solutions. In particular, they need someone who can identify their weaknesses with professional network assessments. Their providers should be skilled at effective backup and recovery design, able to implement Plan B if an unavoidable attack succeeds.
Those who sensationalize security concerns and close deals by increasing their customers’ fear factor may reap short-term benefits, but they often compromise relationships and future opportunities. When forced to make decisions under pressure, real or imagined, your clients may not fully comprehend the issues or the solutions being offered. The choices they make may not be in the best interest of their company … or yours.
That’s where IT security professionals have to strike a balance. Successful solution providers offer real-world examples of existing threats without overhyping customers’ potential exposure. When necessary, they implement short-term measures to address existing issues until they can develop better long-term options. Most of all, they offer genuine assurances of what the client can do to protect its data, systems and people — after figuring out what the business really needs.
The free CompTIA IT Security Assessment Wizard can help with that process, walking you and your clients through a series of questions to produce a comprehensive outline of their true needs. It creates a great industry-vetted point of reference for IT security consulting and product sales. No hype, just the facts.
Fear creates anxiety. If you’ve ever been caught in an emergency situation, you know what I mean. When your car breaks down on a family vacation, you’re typically willing to pay whatever it takes to keep your loved ones safe and continue your trip. After returning home and having time to reflect, the reality of that outrageous repair bill finally sets in. Your opinion of that company can drastically shift in a short period of time.
Providers who get their clients to commit to costly or undesirable solutions based on overly hyped security threats may face the same scenario. You have to ask if you’re really providing your clients with a valuable service or simply taking advantage of their vulnerability to close a sale. While your team may have the best of intentions when pitching a security solution, how do your customers perceive it? That can be a tough question to answer if you’re not fully engaged with your customers and prospects and willing to have honest discussions about their real IT security needs.
Brian Sherman is founder of Tech Success Communications, specializing in editorial content and consulting for the IT channel. His previous roles include chief editor at Business Solutions magazine and senior director of industry alliances with Autotask.