Our inaugural #SecChat in November raised questions on securing PHI, while our December discussion turned to the buzz and security debate around the recent Wikileaks saga. The conversation was certainly heated, with 70 contributors tuning in for the chat and 466 tweets with the #SecChat hashtag.
When it comes to Wikileaks, there’s a lot to discuss. The notion of hacktivism not only presents enterprise security concerns but raises questions about the root of the issue – is Wikileaks more about breach and disclosure or data confidentiality? Wikileaks has shed light on hacktivism as a popular vein of APT. What can businesses learn from hacktivism going into 2011?
Our chat participants felt DLP was a good place to start but not a silver bullet. A surprising statistic was that 30% of reported data breaches are caused accidentally by internal users and 13% of reported data breaches come through malicious internal users. However, it’s speculated that insider statistics are actually much higher, because we don’t have accurate numbers on those who haven’t been caught. @CTOGoneWild stated that when DLP is done right, it gives the enterprise both protection from the known and forensic ability on the unknown.
Another important issue that @MikD brought up was: What happens when sensitive data goes from just credit cards to corporate-secret-sauce? @mckeay made a good point noting that “credit card data affects your customers, secret sauce data affects your company’s ability to make money,” but which is more important?
The threatened release of Bank of America documents definitely turns the focus to private enterprise. So, how do companies protect themselves? @gacevedo predicted that encryption will be a key component. @DaveMarcus pointed out that insider threats go past one particular technology with current disjointed education. @andrewsmhay felt that social engineering experts actually operate more effectively than insiders.
To our blog readers, what are your thoughts on Wikileaks? How do you see Wikileaks impacting the information security community one year from now, five years from now? When it comes to Wikileaks, it seems some questions still remain unanswered.
We hope you’ll join @IntelSec_Biz in January for another #SecChat. The topic is TBD. Feel free to suggest topics by @replying to our Twitter handle!