It’s often hard to say whether art imitates life these days or whether it’s the other way around. In either case, it would appear that cybercriminals are fans of the hit USA Networks television show Mr. Robot, a series chronicling the lives of everyone associated with that hack of an entity on the show known as Evil Corp.
In the series a group of “fsociety” hackers cause a global financial meltdown by gaining access to a system used by an external provider of managed IT services to Evil Corp. Now in real life it’s been revealed that a group of hackers have published early samples of ransomware code bearing the very same “fsociety” moniker.
While screenwriters have always made hacking appear to be a lot easier than it truly is, more than a few IT security professionals might want to consider making portions of the Mr. Robot series required viewing for business executives. After all, the leap between the destruction of an entire company in a television show versus what might happen in real life is not all that far.
Of course, not everyone may appreciate the dark personal introspection that the lead character engages in. But the parts of the show that specifically deal with IT security issues are credible. More importantly, they make a point about the risks involving IT security in a way most business leaders can easily understand. Arguably, getting business leaders to truly appreciate those risks is now the single biggest challenge IT security professionals face.
The good news is that most business executives are trained to think in terms of risk. Every business venture comes with risk. Business leaders typically spend most of their time trying to evaluate the risk versus potential gains associated with any initiative. The trouble is that most of them still don’t really understand the risks associated with IT security. They understand that malware can infect a system. They just don’t really appreciate what kind of damage to the business that malware can inflict.
Stolen intellectual property, for example, can wipe out years of research and development investments. In fact, just this week designs for a next generation submarine being built for India were stolen from a French contractor working on the project. By comparison, stealing product development plans from the average business is child’s play for most sophisticated hackers. In the wake of such events regulatory fines invariably tend to soar, while stock valuations tumble. Before too long everyone associated with that organization is looking for another job. That’s a business and personal risk scenario that most business leaders can wrap their minds around.
The challenging facing IT security professionals today is putting the risks associated with IT security in a context business leaders can understand. The natural inclination of a business leader is to think of IT security as being a single digit percentage of an IT budget that is itself a single digit percentage of overall revenue. IT security professionals need to be able to identify the core assets of the business and then explain in plain language not only what it is really required to protect them, but also the consequences the loss of control of those assets entails to the business.
Viewed in that context, Mr. Robot suddenly becomes a lot more than just another television series glamorizing the exploits of a bunch of hackers operating on the fringes of society. Rather, it becomes an object lesson in why a little extra paranoia about IT security may very well be good for business after all.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.