The UC Berkeley Breach – You Don’t Know What You Don’t Know
May 11, 2009 1 Comment
You don’t know what you don’t know.
Or, you don’t know what you are content to not know. Or, you don’t know what you don’t know because you have put way too much trust in one vendor, one product, or one methodology.
No matter what fits you and your organization the best, there is a very good chance that you are under attack right now and you do not know it. Data is being surgically extracted from your systems on a continuous basis.
Ask the folks at UC Berkeley who are coming to terms that a system containing medical information and personally identifiable data was breached for over six months. The estimate is that data was stolen for over 160,000 students and associated people. The capper for me was that the breach was only discovered during routine maintenance when messages left by the hackers were found. Had the hackers not left these messages, it is highly likely that the breach would still be active.
The UC Berkeley story is not unique; it is just the latest of what has been discovered. While at Cybertrust our Forensics/Incident Response team would regale me with stories of breaches that went undetected for what seemed to be unbelievably long periods of time. But in the face of these stories, organizations continue to reconcile the threats away as long as it does not happen to them. Or more accurately, as long as they don’t know it is happening to them.
I have used this quote before, but it is apropos: Churchill said that man occasionally stumbles over the truth, but far too often picks himself up and continues on as if nothing happened. UC Berkeley is certainly not the first such incident we have stumbled on, and certainly it won’t be the last. But maybe you may not want to pick yourself up and continue on so quickly and consider that you don’t know what you don’t know.
And then consider if there are alternative technologies that can help you see more clearly what you don’t know. Look past the “usual suspects” and consider that there are viable alternatives in the market that may bear a close look. We happened to think what we offer at Triumfant is one of those technologies. But regardless of what you evaluate, you need to consider if you are really as protected as you think.
Because when you find out what you don’t know, it may be on the front page of the morning paper.