I often recommend Dr. John Halamka’s posts to colleagues, and this one in particular needs to be read.
Life as a Healthcare CIO always comes through with something of value to knowledge strategists, and the April 12 post really got me thinking. My guess is that most of us in the KM/knowledge services “side” of the knowledge domain tend to be pretty lazy about such things as cybersecurity (although I hope that’s changing as we continue to pull away at the “wall” between IT and KM). I have a tiny bit of experience with some of this, but I’m nowhere near any sort of professional or expert in how unscrupulous players get into our data and do bad things.
In Dr. Halamka’s description of a recent security breach at RSA Security, which RSA has shared, he tells a fascinating (and scary) story. Knowledge strategists should take a look.
Not only does Dr. Halamka describe the security breach, he provides us with some basic training in what we need to know about the four “stages” of cybercrime. Here’s what he says, noting that “the attack was remarkably sophisticated and illustrates the evolution of cybercrime over the past 10 years”:
1st Generation – Because I can
Worms, defacement of web sites
2nd Generation – I can make money
Botnets appear, denial of service attacks, seeking payment to stop attacks
3rd Generation – Organized crime
Large scale management of attacks, coordinated use of tools and techniques, trojans, worms Phishing, targeted attacks
4th Generation – Selling the tools
Tools to perform attacks become “vended” with 24/7 support available, Botnet rentals, sophisticated Id theft services, Licensed Malware appears, Exploit knowledge is sold. Social Networks just for cybercriminals appear. Cybercrime supply chains are formalized and fine tuned.
Dr. Halamka continues: “I’ve described security as a Cold War – the faster we implement protections, the faster the cybercriminals innovate.”
Let’s learn more and encourage the knowledge strategists we work with to thinking about cybersecurity.