[Viewpoint] Preventing hacking not just IT’s job


In movies and novels, infiltrators never use the front door to steal gems or information. The criminals tackle a blind spot not covered by the surveillance system or buy off an insider to gain access.

Tactics are similar in cyberspace. A hacker would not try to break into a highly secured network if he could mount a roundabout attack through a vulnerable home page or PC.

Today, your computer can be affected by malicious software after just one visit to certain Web sites.

The price for using the Web and various software is exposure of our PCs to greater risk.

Computer viruses used to be the most common kind of malware, but now malicious software has evolved. Sending a virus to show off is considered almost romantic these days.

Today, hackers meticulously design malware for cyber crime with a specific objective in mind.

Hackers seized the personal computers of the public as their weapons during the July denial-of-service attacks that shocked the entire nation.

Just as terrorists captured innocents on passenger jets to crash into the World Trade Center on Sept. 11, PCs were controlled by hackers for cyberterrorist attacks over four days.

What requires our attention is the fact that a hacker can obtain the information necessary to attack our IT infrastructure without penetrating the system directly. For example, he can find out about vulnerable PCs and users in advance through internal information.

Where does a hacker get such information? Most of the time, a company insider leaks the crucial info.

For example, when an executive casually mentions the organizational structure of a company to a friend, it can trigger a cyber attack.

Information security is not entirely up to the IT department. Information security policy has to be applied without exception.

I’ve heard people saying you can bypass the security check at a major company if you ride with an executive. The corporate culture and strict hierarchy give such VIPs immunity - and create potential security breaches.

No matter how well designed a security policy is, its effectiveness can be compromised when exceptions are allowed.

Malcolm Gladwell discusses the crash of a Korean Air flight in Guam in his book “Outliers.”

The airplane is controlled by two pilots in the cockpit because they can come to the right decision by consulting and checking with each other. However, in a culture where the junior will never dare to disagree with the senior, communication isn’t smooth, and Gladwell argued that this was one of the causes for the accident.

Active communication of information using IT is necessary to enhance the competitiveness of the organization. However, that communication tends to be less transparent when it comes to security.

When rules and orders are excessively strict, employees might want to cover up problems. Therefore, employees and executives need to discuss problems, once exposed, honestly and follow prescribed protocol without an exception.

The leadership of the chief executive determines how thoroughly the security protocols will be executed.

William Parrett wrote in his book, “The Sentinel CEO,” that it is not surprising to hear the word “security” repeatedly in a conversation with a CEO.

He explained that it is a part of a CEO’s job to manage the aggregated risk in the company and maintain information security.

A CEO proposes the general direction and controls the security of a company, as he is the one who manages its resources. The security awareness of the CEO exerts a tremendous impact on the general security level of the company.

As cyber attacks become increasingly multi-dimensional, information security is not handled exclusively by the IT department, and the IT department is not solely responsible.

The corporate culture, awareness of employees and executives, communication channels with the outside, and work efficiency all become much more relevant.

We need to look at information security from a more general perspective in conjunction with other resources.


*The writer is the chief executive officer of AhnLab.
Translation by the JoongAng Daily staff.


by Kim Hong-sun