THE ‘‘ROOP’’ COLUMN…CYBER CRIME – Understanding the Threat

Jun 29, 2008 Features / Columnists

---

INTRODUCTION: 
This last week, someone allegedly used the Internet Protocol (IP) address assigned to Kaieteur News to send a message to the Minister of Agriculture.  So far, it has not been traced to a physical computer at the newspaper’s office.

The IP addressed is assigned by the internet provider, which is GT&T in this case.   There are many ways such a message could be sent such as someone hacking the IP address and using it from another SMS provider or even directly from the internet provider.

What I found even more interesting is that the latest papers that calls themselves the “beacon of truth” spent front page space coverage on the alleged incident without understanding the many ways such an incident could have occurred. 

 I recommend they wait until a true technological forensic investigation is completed prior to making accusations.

In my 2006 book “Securing Business Intelligence” I addressed the cyber threat to businesses and outlined the risk assessment and mediation steps they must take in order to protect their data. 

New firms would love to get their hands on a competitor’s computer drive in order to gather intelligence on strategies, approach, cost and personnel.

CYBER THREATS:
Over the last few years, the events in terrorism alerted the world to a new kind of threat, one that can put companies out of business and claim countless lives. It became clear that terrorists could penetrate and subvert seemingly secure locations, destroying at will.  Businesses must examine their vulnerabilities in all areas – among them the area of cyber-security. 

The world of the Internet, networks and cyberspace had already been compromised numerous times.  Two facts are now inescapable for businesses with heavy technology investments:

– Cyber-crime is rampant.
– Cyber-crime can cause great damage to businesses, to the well-being of the country’s economy and to national security of a nation.

It became patent that a see-no-evil, laissez-faire policy was no longer tolerable, that the “network neighbourhood” was not safe and that a new awareness was necessary.

Governments and business leaders also grew more aware that our civilization is passing into a new phase. We are no longer in the age of industry, but in the age of knowledge.  Whereas the principal assets of an organization used to be tangible, now our economy and national security rest upon secure knowledge.

Furthermore, this knowledge is not confined to discrete written records hidden in private office files but stored electronically in shared cyberspace – where it can be misappropriated by unauthorized and hostile parties. Business leaders are more aware of these dangers, but few are doing enough to prepare.

PROTECTING KNOWLEDGE:
Knowledge must be protected as an asset, and it must be protected as security, for the security of an organization and of the nation depends upon its knowledge being inviolate. 

Thus, we face a new challenge: how to secure knowledge against unauthorized entry while at the same time making that knowledge easily accessible to those who need it. The answer to this dilemma has been sought by many. This has resulted in a variety of paradigms and systems – but all of them share a common theme: the foundation of proper knowledge usage can no longer be left uncontrolled and unregulated. Every organization must have an integrated program of knowledge management. Knowledge management has two main foci:

1. It makes the knowledge within an organization as open to common usage as possible.
This concept deals both with explicit and tacit knowledge. Explicit knowledge is traditional knowledge – i.e., traditional ways in which an entity’s knowledge has been stored, such as in reports, manuals and so forth.
Tacit knowledge is the knowledge of experts that is often not communicated in a way that is meant to be stored – e.g., it is shared orally, such as in meetings and conversations, or in ephemeral media such as email or message boards.

Knowledge Management deals with how to harvest and save that knowledge, and how to create an arena in which all users in an organization can access the resource of that knowledge and, as well, the resource of other people who have the knowledge.  It does so by providing resources in the technology domain and introducing change in the human capital domain.

a. In the technology domain: knowledge management introduces software that makes it easy to share knowledge in a variety of ways: easy and powerful search tools, the conversion of various media (email, word processor, spreadsheet) to a common, interchangeable language, nodules where it is easy for people who share a common expertise or interest to connect with each other.

b. In the human capital domain: knowledge management introduces a new culture in which employees are encouraged to share, rather than hoard their knowledge.

2. Knowledge management makes the knowledge within an organization as secure as possible. Proper knowledge management protects an organization’s knowledge bank from being accessed by unauthorized users.  It does so by protecting the technology domain and the human capital domain.

a. The technology domain is that of the computer – its hardware and software. This is protected through technical means: anti-virus programs, firewalls, encryption and so forth. But no system can rely upon technological tools to remain secure.  Therefore, knowledge management must also address the area of

b. The human capital domain: Workers must be made aware of the dangers of unauthorized access to knowledge and must be educated and acculturated to a new way of acting and thinking. Knowledge security must become second nature, as much as locking one’s car door and setting the house alarm.

CONCLUSION:
Businesses must look at the security aspect of knowledge and knowledge management: how to protect against hostile misuse of knowledge, particularly knowledge in cyberspace.

It is my hope that you, the reader, will take away with you a new appreciation of the challenges that face us and of the resources that will be needed not only to meet those challenges but to take your enterprises to a new level.  We cannot defer these issues merely because they are hard to quantify, but must consider the future cost of failing to act.

Email:[email protected]
www.visionguyana.com

---

---