WikiLeaks Could Have Been Prevented with Better Access Controls
WikiLeaks could have been prevented with better access controls
Clearly, once information is available online-whether government cables or music-the people who own the information have lost all control over it. They can discuss new laws to accommodate new technologies, ethics and so on, but an equally pertinent question is, "What could we have done to prevent this in the first place?"
Organizations industry-wide are abuzz with what happened with WikiLeaks. Unfortunately, many are focusing on the "Wiki" and not the leaks. Providers have shown good faith by shunning DNS and hosting services to the WikiLeaks site. What will follow is a game of Whack-A-Mole. Case in point: Napster music sharing was replaced with platforms such as LimeWire and BitTorrent.
The WikiLeaks loss represents yesterday's clumsy virus. Quite simply, the leak originated from a low-level analyst trusted to follow policy. While the security community is focused on emerging, persistent threats capable of sophisticated and coordinated attacks on nuclear plants (Stuxnet), let us not forget that we continue to be at great risk from much less sophisticated threats such as trusted insiders with access controls that are enforced with basic tools such as handbooks and written policy.