Current computer and network security, like SSL and VPNs, can trace their origins to cipher systems developed thousands of years ago. The first ciphers are thought to come from ancient Greece and Rome, where generals and politicians wanted to communicate their plans in secret. These early ciphers rearranged letters in a message to make them more difficult to read. Modern encryption standards employ the same basic idea, but today use sophisticated mathematical algorithms to create their codes.
Most likely the first code was a transposition cipher that rearranges the order of letters in a message. This is similar to what you see in Jumble puzzles, where you have to decode the scrambled letters. A substitution cipher replaces letters with other letters. A good example is to replace each letter in a message with the next letter in the alphabet, so ‘hello’ becomes ‘ifmmp’. An early substitution cipher was the Caesar cipher, named after Julius Caesar, where each letter in the message was replaced by a letter 3 positions further down the alphabet. Caesar used this code to communicate secretly with his generals in the field.
Just when you thought it was safe to look at your files again, here comes WikiLeaks the game. This is very funny. You, Julian Assange, must sneak into the Oval Office and download 300,000 classified documents from President Barack Obama’s laptop using a USB drive while he sleeps. It’s harder than it looks, but all in good fun.
Basically this is how Private Bradley Manning stole all the US government classified documents that wound up on WikiLeaks. The game is an online smash, but what it highlights is a serious problem. Have fun, but make sure you are protecting your own documents in real life.
On December 16, 2010 Bill Blake spoke about how to avoid data breaches and leaks in your office during a Webinar sponsored by Toshiba America Business Solutions (TABS). With all the recent attention about sensitive information showing up on WikiLeaks, Bill discussed how you can avoid threats to your company’s confidential documents.
Bill gives some insight into the history of WikiLeaks and how a breakdown in security in the US government gave an insider the opportunity to steal information and make it available to the world. He shows how the perfect storm of means, motive, and opportunity crystalized into a large embarrassment and potential harm for the US government. Preventing a similar occurrence takes a combination of policy, process and technology. Bill shows some simple techniques and technologies to help you control and protect your most important information so this doesn’t happen to you.
If an information security breach occurred, how confident are you that your IT staff and others will know how to respond? Better yet, are you even sure that someone would know you had a breach?
Unless you’re monitoring everything that goes on in your network and computer systems, it’s tough to figure out if you’ve been breached. Losing a sensitive file may not be obvious. If you lose your backup tapes or someone steals a laptop with sensitive information, then you should assume you have a problem.
Take the case of Providence Health & Services, who in 2005 had a laptop bag stolen from an employee’s car during the night. In the bag was a laptop, backup disks and tapes. According to the story, there were unencrypted records from about 365,000 patients on the disks and tapes. The thief was most likely after the laptop and had no interest in the disks and tapes. The thief probably tossed the backup devices into a dumpster. The company reported the theft to law enforcement and that’s when the wheels starting turning.
Organizations spend millions of dollars on perimeter and infrastructure security, but very little on protecting their data and content. Traditionally the goal has been to keep out the bad guys, be they hackers, criminals or someone intent on mischief. Organizations have always assumed that anyone who is already on the inside can be trusted. Unfortunately that doesn’t seem to be the case anymore.
According to a Gartner survey of 1,500 worldwide companies, businesses spend an average of 5% of their total IT budget on security. The spending goes toward firewalls, intrusion detection systems, anti-virus software, virtual private networks, and a variety of other hardware and software systems. These tend to focus on keeping unauthorized traffic off the network. Since a number of the data breaches reported in the news have come from compromised databases, there is an increased focus on locking down that data. While that’s very important, most organizations are not paying enough attention to the content inside electronic documents and email.