The Dark Side of Information Sharing: Protect yoself!

As the use of cloud computing is consistently on the rise so is the occurrence of “hacktivists.” These individuals are labeled as “sophisticated cybercriminals” who have the ability to cause operational disruption and intellectual property loss.[1] McKinsey authors David Chinn, James Kaplan, and Allen Weinberg explain that there is up to $3 trillion dollars lost due to the slowing down of technological and business innovation caused by cyber attacks. In the words of sweet brown, “Aint nobody got time for that!” [2] nor the available funds. In fact, enterprise-technology executives understand that there are necessary changes that must occur but these executives may not be heeding the warnings.

More organizations are investing in preventative methods for security protection. The department of Homeland Security explains that reactionary technology is not sufficient on its own and that security must be utilized as a “constant constraint on all cyber activities.” To further assist organizations the department of Homeland Security created the Defense-In-Depth Strategic Framework. There are six basic tenets in the framework[3]:

1. Know the security risks that an organization faces
2. Quantify and qualify risks
3. Use key resources to mitigate security tasks
4. Define each resource’s core competency and identify any overlapping areas
5. Abide by existing or emerging security standards for specific controls
6. Create and customize specific controls that are unique to an organization

More organizations are investing in sourcing software from public cloud environments. These methods come at a great cost. McKinsey reports that corporate spending on third-party-managed and public-cloud environments will grow from $28 billion (2011) to more than $70 billion in 2015.[4] This does not include the cost of building and accessing private cloud environments. For most companies the investment in accessing public cloud environments is worth the price tag as some executives claim to achieve up to 60-70 percent savings through “software-as-a-service” alternatives.

Understandably, these savings provide very attractive incentive to host public and private cloud sourcing. However, it must be simultaneously understood that preventative methods for security protection are crucial. The greatest issue of cyber hacking is that it greatly reduces an organization’s competitive advantage, as they must slow down operations to address the attack. Obviously the risk of an attack is worth it to achieve much more efficient supply chain networks, however executives much remain vigilant against cyber attacks and should equally invest in a variety of cyber security methods.

Aside from this it is my thought that some cyber hacktivists may be motivated by the privatization of cloud access. They may be driven to reduce cost of access, leveling the competitive advantage experienced by companies with the highest monetary capacity. With the knowledge that overall cyber security for every organization is the most socially efficient outcome for operational costs and business innovation, is it ethical for protection to come at such a great cost?

---

[1]http://www.mckinsey.com/insights/business_technology/risk_and_responsibility_in_a_hyperconnected_world_implications_for_enterprises

[2] https://www.youtube.com/watch?v=zGxwbhkDjZM

[3] https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Defense_in_Depth_Oct09.pdf

[4]http://www.mckinsey.com/insights/business_technology/protecting_information_in_the_cloud