October 10th, 2005
Threat Hierarchy
I used to do a lot of breakfast seminars. Well, I still do a lot of breakfast seminars. But I used to have a slide that depicted the threat hierarchy. It was a list from low threat to high threat. I did not create it. I am sure credit lies here. It went like this:
-Experimentation
-Defacement
-Hacktivism
-Cybercrime
-Information Warfare
Experimentation is still a relevant threat. If your organization likes to expose everything over the intranet, you may have problems with users who notice, for instance, that their employee ID number is used in the URL window of the browser. Change that number and they can see their co-worker’s 401K plan!
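The flaw in that 401K example is that the page trusts the ID in the URL instead of the logged-in user. The sketch below is an added example, not code from any real system: it shows the trusting lookup beside one that checks the request against the session. The `emp_id` parameter name, the `intranet.example` host, the record store and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: employee ID -> 401K record.
PLANS = {
    "1001": {"owner": "alice", "balance": 48250},
    "1002": {"owner": "bob", "balance": 91300},
}


class Forbidden(Exception):
    """Raised when a session asks for a record it does not own."""


def requested_id(url):
    # Reject missing, repeated or non-numeric values instead of guessing
    # which copy of the parameter the application should honour.
    values = parse_qs(urlsplit(url).query).get("emp_id", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        raise ValueError("emp_id must appear exactly once and be numeric")
    return values[0]


def view_plan_vulnerable(session_emp_id, url):
    # The flaw: the URL alone decides whose record is returned, so the
    # authenticated identity in session_emp_id is never consulted.
    return PLANS[requested_id(url)]


def view_plan_checked(session_emp_id, url, audit_log):
    # The authenticated session is the source of identity; the URL value
    # is only a request that must match it.
    wanted = requested_id(url)
    if wanted != session_emp_id:
        # Record the mismatch so curious "experimentation" shows up in review.
        audit_log.append(("denied", session_emp_id, wanted))
        raise Forbidden("record belongs to another employee")
    return PLANS[wanted]
```

The denied entries in `audit_log` are what a reviewer would watch: one session walking through many IDs is the experimentation described above.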
Defacement used to be a real headline grabber. Remember the day the NY Times website got defaced? Now defacement is embarrassing but no one really cares. Unless you are a security company; then it can be pretty bad.
Hacktivism was the idea that hackers would deface websites and attack online resources to further their ideological cause. This still goes on in the Mideast and between Pakistan and India.
Then I got to cybercrime. I used to say: “There is no Lex Luthor of the Internet”. Well, that was then, this is now. There are thousands, probably tens of thousands of Lex Luthors of the Internet. Scam sites that steal your credit card info, phishing sites, adware, Trojans, extortion. Billions of dollars are going into the pockets of cyber criminals.
So, it turns out that the threat hierarchy is a timeline! Yes, things are getting worse as time goes by.
Information warfare? I see it. Do you?
Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.