In another article, I warned of growing threats from hackers. "Early in 1997 the Office of Strategic Crime Assessment (OSCA) conducted a study on computer crime and security, canvassing a number of Australia's top 500 companies and government. It showed that while in the past most attacks on systems had been by insiders, attacks from the outside are now on the increase.
"So is Australia vulnerable to criminal or terrorist attack against its information infrastructure? Is the Pope a Catholic? Is the Millennium Bug a headache? You bet your sweet life."
I also wrote: "Corporations spend billions each year protecting the confidentiality and integrity of their information. You and your team may excel in using data encryption and key management to protect your secrets and stop your data from being modified. You can create strong user identification and authentication; you put immense effort into ensuring backup and redundancy are in place and fully working; you put firewalls in place or air gap your systems to protect against intrusion. What you cannot be expected to defend against is denial-of-service attacks, electromagnetic pulse bombs (EMP) or other deliberate criminal assaults against crucial infrastructure components."
Hardly a Clue
The extent of Internet-related fraud was an eyebrow-raiser. A 1997 Deloitte & Touche report commissioned by the European Union found cross-border fraud involving Internet abuse, smuggling, banking and investment frauds was costing society $US77 billion a year. Of those, the largest single threat came from Internet fraud because of the vulnerability of encryption technology to sophisticated computer vandalism.
In Australia, business and regulatory authorities were warning about the massive potential for fraud to cross borders and for international shysters to "eat into the Australian economy", partly because of the trend towards e-commerce.
The report Taking Fraud Seriously: Issues and Strategies for Reform estimated fraud was costing Australia more than $3.5 billion a year and adding $21 to the cost of each insurance policy. Written by the Australian Institute of Criminology for the Institute of Chartered Accountants Fraud Advisory Council, the report noted the global electronic village had brought about a significant growth in fraud opportunity through new products, services and service delivery channels. Yet there had been no concomitant improvement in detection and prosecution, with fraud control, detection and prosecution techniques all being run at national levels, rather than under an international approach. Technology-induced globalization was compounding the problem.
"This is no more apparent than in the financial sector," the report said. "Bonnie and Clyde no longer have to turn up at a branch in order to rob the bank. Indeed, if they did, they would be severely limiting their potential 'take'. They would now be more likely to try to rob the bank through a technology-assisted approach, from the other side of the world."
All of it was true, but in my writings, richly peppered with other people's sage advice, I sadly (and foolishly) found little to personally relate to. After all, I was not an IT manager. I was sitting here at home, minding my own business, as it were. What, me worry?
You see, in my experience a competent journalist, given sufficient time and access to the experts, can write intelligibly and intelligently about almost any subject. That doesn't guarantee they will take any of that wisdom to heart, especially when it has been drilled into them that good journalists leave themselves entirely out of any story. Indeed, it was in accumulating knowledge about IT security that I first started to appreciate that writing meaningfully about a subject and internalizing that knowledge are two different things. So I wrote frequently about corporate security and read about it even more often, watching with the sort of detached cynicism that comes naturally to many journalists as business after business got into deep doo-doo.
Then I suffered my first virus attack (and yes, I did say first: there were indeed more to come - talk about a slow learner), experienced a calamitous loss of data and cost myself hours of pointless work.
Now you might choose to liken that to renowned Bear-of-Little-Brain Winnie the Poo smugly contemplating the air-headed antics of Rabbit or Eeyore and feeling nicely superior. I might lamely reply that actually I scored rather highly on Stanford-Binet and achieved a very good academic degree, thank you very much, but basically, you'd be right. I was indefensibly stupid, and I paid a very high price for that stupidity.
And in that, I think, I mirrored very many people in Australia and around the world.
I know better these days of course - enough to take strenuous steps every day and week to protect and back up my systems, and enough to know that even my best efforts might one day prove inadequate. Hey! Even a Bear-of-Little-Brain can sometimes learn from her mistakes.
(And I know, I know, the sub-title of this piece references the Donkey, not the Bear, but isn't that what many of us feel like when we succumb to a security threat?)
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.