Can your business withstand a Wikileak-type attack? – The Royal Gazette | Bermuda News, Business, Sports, Events, & Community

Log In

Reset Password
BERMUDA | RSS PODCAST

Can your business withstand a Wikileak-type attack?

What is a regular business to learn from the fallout from the Wiki-leaks affair?

First, any presence you have on the internet, from just providing information to your clients to actual sales, is subject to two forces that may disrupt your business at any time.

You may possibly fall afoul of rules put in place by your service providers. For most businesses this is a minor, almost non-existent threat.

But the threat does exist. Witness how easily Amazon, PayPal, Visa and MasterCard used seemingly innocent phrases in their providers' agreements to shut down services to Wikileaks.

While your business is probably not engaging in controversial activities that upset the world's major governments, dependence on one provider and not having an alternative arrangement with a competitor could lead to shutdown or a temporary suspension.

Your providers and your business are more under threat from the second force that is now flexing its muscles more boldly since the release of the US diplomatic cables by Wikileaks.

These underground cyber hackers, an anonymous and loosely connected bunch of individuals, have retaliated against any service provider that stopped doing business with Wikileaks.

They have done so through coordinated denial-of-service attacks against the websites of those providers. Some have been successful.

Others failed due to the anarchic nature of the groups. They just could not decide amongst themselves who to attack.

However, they managed to create a lot of trouble for those businesses that did come under concentrated attack.

They largely slow down or prevent a site from working by flooding it with requests, overloading the servers on which a site is based.

The attacks demonstrate that your business does not have to be the direct reason for the attack just your service provider. Since the software to attack sites is freely available, even disgruntled staff or ex-staff may use it to cause problems. So, while you may think the problems affecting Wikileaks is happening to someone else, they could happen to you, even in a minor way.

Of course, these dangers are separate from the regular threat to your business due to a data breach, or, to put it more properly, a leak of information.

A data breach could be caused by a hack attack, an accident, or, more likely by an employee.

With more sites now being established to collect and publish the leaked data, the temptation is greater for an employee to provide sensitive information to them.

Greater anonymity is an attraction. The act of leaking documents also encourages others to do the same.

Responsible IT managers will admit there are no completely secure systems.

Perhaps, more precisely there are no completely secure businesses unless you get rid of all the employees. But you can focus on damage limitation.

You can focus on placing more controls on the data that carries the highest risk of damaging your business. Once you have weighed the risks for each type of data, resources can be concentrated on reducing those risks.

Some companies even take out insurance to pay for business continuity if a data breach could shut them down completely.

Another method of protection is to limit access to data by having a tiered system. Business crucial information should only be provided to those with the highest level of access.

As many have pointed out, the US government granted access to sensitive diplomatic cables to about three million people, anyone of whom could copy them and take them out of their offices, even a private, the lowest level employee.

The problem for the US government is not with Wikileaks, but with itself. Allowing unrestricted access to all the data was stupidity in itself.

It is a basic business decision to put controls on what can be accessed by whom.

Finally, many commentators suggest having a contract with a professional response team who has handled such situations in the past. But you have to be careful about who you hire.

Major data breaches are few and far behind and may companies claim to be able to handle such situations. Do they really?

That is a question you must ask before handing over a huge retainer fee.

Send any comments and gadget gift suggestions to elamin.ahmed[AT]gmail.com

You must be Registered or to post comment or to vote.

Published December 15, 2010 at 1:00 am (Updated December 15, 2010 at 6:58 am)

Can your business withstand a Wikileak-type attack?

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon